ConsentForge

Legal

Privacy Policy

Last updated: March 15, 2026

1. Controller

The controller under the General Data Protection Regulation (GDPR) is the operator of the ConsentForge service, reachable at: privacy@consentforge.com.

ConsentForge is not a registered legal entity. The service is provided by a sole operator. For all privacy-related inquiries, please contact the email address above.

2. Data We Collect

We process the following categories of personal data:

  • Account data: Email address, name, company name (as provided at registration)
  • Usage data: Pages visited, features used, timestamps
  • Billing data: Payment method tokens (stored by our payment processor, not by us)
  • Technical data: IP address (anonymized after 30 days), browser type, operating system

We do not collect special categories of personal data as defined in Article 9 GDPR.

3. Legal Basis for Processing

We process personal data on the following legal bases under GDPR Article 6:

  • Contract performance (Art. 6(1)(b)): Account management and service delivery
  • Legitimate interests (Art. 6(1)(f)): Security, fraud prevention, product improvement
  • Legal obligation (Art. 6(1)(c)): Tax and accounting records

4. Data Retention

  • Account data: Duration of the contract plus 90 days after termination
  • Consent evidence logs: 7 years (statutory retention obligation)
  • Technical logs: 30 days, then automatically anonymized or deleted

5. Data Transfers

All data is processed exclusively within the European Union. Our infrastructure is hosted in Frankfurt and Amsterdam. We do not transfer personal data to third countries.

6. Sub-processors

We use a limited number of sub-processors for infrastructure and payment processing. All sub-processors are EU-based or operate under Standard Contractual Clauses (SCCs). A complete list is available upon request.

7. Your Rights

Under the GDPR, you have the following rights:

  • Access (Art. 15): Right to obtain a copy of your personal data
  • Rectification (Art. 16): Right to correct inaccurate data
  • Erasure (Art. 17): Right to deletion where no retention obligation applies
  • Restriction (Art. 18): Right to restrict processing in certain circumstances
  • Portability (Art. 20): Right to receive your data in machine-readable format
  • Objection (Art. 21): Right to object to processing based on legitimate interests

To exercise these rights, contact us at privacy@consentforge.com. We respond to requests within 30 days.

8. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. A list of EU data protection authorities is available at edpb.europa.eu.

9. Cookies and Tracking

Our marketing website uses only strictly necessary cookies. No analytics, advertising, or tracking cookies are set without your consent. The web application (dashboard) may use functional session cookies required for service operation.

10. Changes to This Policy

Material changes will be communicated to you by email or through a prominent notice in the dashboard. The date of the latest update is shown at the top of this page.