Privacy Policy

Last updated: March 29, 2026

CookieBoss is operated by Transformination OÜ (registry code: 17449477), Sepapaja tn 6, 15551 Tallinn, Estonia (“we”, “us”, “our”).

1. What We Collect

When you use CookieBoss, we collect:

  • Account information: name, email, password (hashed), company name
  • Billing information: processed by Stripe — we never store your card details
  • Usage data: pages visited, features used, consent banner configurations
  • Site scan data: cookies, tracking scripts, and compliance scores for websites you scan
  • Technical data: IP address (anonymized), browser type, device info

2. How We Use Your Data

  • Provide the service: manage your account, configure consent banners, run scans
  • Process payments: via Stripe for subscription billing
  • Improve the product: analyze usage patterns to improve features
  • Send transactional emails: account verification, password reset, billing notifications
  • Comply with law: respond to legal requests, enforce our terms

3. Data Processors

We use the following third-party services:

ProcessorPurposeLocation
CloudflareHosting, CDN, edge computingGlobal
StripePayment processingUSA/EU
ResendTransactional emailUSA

4. Data Retention

  • Account data: retained while your account is active, deleted within 30 days of account closure
  • Scan results: retained for 12 months, then automatically purged
  • Billing records: retained for 7 years as required by Estonian tax law

5. Your Rights (GDPR)

As a data subject under GDPR, you have the right to:

  • Access your personal data
  • Rectify inaccurate data
  • Erase your data (“right to be forgotten”)
  • Restrict processing of your data
  • Port your data to another service
  • Object to processing based on legitimate interest

To exercise any of these rights, email us at [email protected].

6. Data Security

We protect your data with:

  • Encryption in transit (TLS 1.3)
  • Encryption at rest (Cloudflare D1)
  • Password hashing (PBKDF2 with WebCrypto)
  • JWT-based session management with token revocation
  • Multi-tenant isolation (customer_id in all queries)

7. Cookies on cookieboss.io

We practice what we preach. Our website uses only essential cookies required for the service to function. We do not use analytics or marketing cookies without consent.

8. Children

CookieBoss is not intended for children under 16. We do not knowingly collect data from children.

9. Changes

We may update this policy. Significant changes will be communicated via email to registered users.

10. Contact

Transformination OÜ Sepapaja tn 6, 15551 Tallinn, Estonia Email: [email protected]