Privacy Policy
Last updated: March 23, 2026
1. Who we are
LiteConsent ("we", "us") operates the cookie consent management service at liteconsent.com.
For questions about this policy or your data, contact us at [email protected].
2. What data we collect
Account data (our customers)
- Email address and password (hashed with Argon2id)
- Name (optional, for team accounts)
- Billing information (processed by Paddle, our Merchant of Record)
- Site domains you register
- Banner configurations and settings
Consent records (your website visitors)
- Randomly generated visitor ID (8 cryptographically random bytes). This ID is not derived from any personal data: no IP address, no browser fingerprint, no user-agent string. It is generated at random on first visit and stored only in the visitor's browser cookie. No personal information is used to identify visitors. IP addresses are never stored.
- Consent decision (accepted/rejected categories)
- Timestamp
- Banner version hash
- Country/region (derived from geo-detection)
Technical data
- Session tokens (hashed, stored server-side)
- IP addresses in server logs (retained for 7 days for security)
- Browser type and version (for compatibility)
3. How we use your data
- To provide the service — managing your account, sites, banner configuration, and serving consent records
- To record consent — storing consent decisions from your visitors as required by GDPR for audit and compliance proof
- To send transactional emails — account verification, password resets, billing notifications, usage alerts
- To enforce plan limits — tracking consent counts against your plan allowance
- To detect abuse — rate limiting, bot detection, and security monitoring
We do not sell your data. We do not use your data for advertising. We do not profile your website visitors.
4. Legal basis for processing
- Contract performance (Art. 6(1)(b) GDPR) — processing necessary to provide the service you signed up for
- Legitimate interest (Art. 6(1)(f) GDPR) — security monitoring, abuse prevention, service improvement
- Legal obligation (Art. 6(1)(c) GDPR) — retaining billing records as required by law
5. Where we store your data
All data is stored in data centers in Germany (EU), operated by Hetzner Online GmbH. Consent records, account data, and banner configurations never leave the EU.
Some sub-processors operate outside the EU. See our Sub-processors page for details. Where data is transferred outside the EU, we ensure appropriate safeguards are in place (Standard Contractual Clauses).
6. Data retention
- Account data — retained while your account is active, deleted within 30 days of account deletion
- Consent records — retained according to your plan: 1 year (Basic), 2 years (Pro), or 3 years (Business). Automatically purged after the retention period.
- Server logs — 7 days
- Billing records — retained as required by applicable tax law (typically 7 years)
7. Sub-processors
We use a limited number of third-party services to operate LiteConsent. A full list is maintained at /sub-processors. We will notify you at least 30 days before adding a new sub-processor.
8. Your rights
Under GDPR, you have the right to:
- Access your personal data (Art. 15)
- Rectify inaccurate data (Art. 16)
- Erase your data (Art. 17) — you can delete your account from the dashboard
- Export your data in a portable format (Art. 20)
- Restrict processing (Art. 18)
- Object to processing (Art. 21)
- Lodge a complaint with a supervisory authority
To exercise any of these rights, email [email protected]. We will respond within 30 days.
9. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Passwords hashed with Argon2id (m=64MB, t=3, p=4)
- TOTP secrets encrypted with AES-256-GCM
- Session tokens hashed with SHA-256, transmitted via Secure HttpOnly cookies
- All traffic encrypted with TLS
- Rate limiting on all endpoints
- CSRF protection on all state-changing operations
For details, see our Security Policy.
10. Cookies we use
LiteConsent itself uses a minimal set of cookies. See our Cookie Policy for details.
11. Changes to this policy
We may update this policy from time to time. We will notify you of material changes by email or by a notice on our website at least 30 days before the changes take effect.