Privacy Policy

1. Controller

ConsentForge GmbH is the controller of your personal data as described in this Privacy Policy. Contact: privacy@consentforge.com

2. Data We Collect

We collect the following categories of personal data:

• Account data: Name, email address, company name
• Usage data: Pages visited, features used, timestamps
• Billing data: Payment method tokens (stored by our payment processor)
• Technical data: IP address (anonymized after 30 days), browser type

3. Legal Basis for Processing

We process your data on the following legal bases under GDPR Article 6:

• Contract performance (Art. 6(1)(b)): Account management and Service delivery
• Legitimate interests (Art. 6(1)(f)): Security, fraud prevention, product improvement
• Legal obligation (Art. 6(1)(c)): Tax and accounting records

4. Data Retention

Account data is retained for the duration of your account plus 90 days. Billing records are retained for 10 years as required by EU tax law. Evidence logs are retained for 7 years.

5. Data Transfers

All data is processed exclusively in the European Union. We do not transfer personal data to third countries. Our infrastructure is hosted in Frankfurt and Amsterdam.

6. Your Rights

Under GDPR, you have the right to access, correct, delete, and port your personal data. You may also object to processing or restrict it in certain circumstances. To exercise these rights, contact privacy@consentforge.com.

7. Sub-processors

We use a limited number of sub-processors for infrastructure and payments. A full list is available upon request. All sub-processors are EU-based or operate under standard contractual clauses.

8. Supervisory Authority

You have the right to lodge a complaint with a supervisory authority. A list of EU DPAs is available at edpb.europa.eu.