Privacy policy

Last updated on 11.06.2025.

Data Controller Information

G Interactive, SIA Alejas iela 7, Jūrmala LV-2012 Latvia Website: https://cookieforte.com Email: [email protected]

Data Processing for Consent Management

What We Collect

When you interact with our consent management platform, we collect and process the following data:

Data collected directly from you:

  • Date and time of your consent decisions
  • Your consent preferences for different cookie categories
  • Website interactions when you use consent banners

Data collected automatically:

  • Obfuscated IP address (last segment removed for privacy) - obtained from your device's network connection
  • Website URL where consent was given - obtained from the webpage
  • Browser information (user agent string) - obtained from your browser to ensure proper functionality across different browsers and devices

Data processing requirements:

  • Consent preferences: Required to provide consent management services
  • Technical data (IP, browser, URL): Necessary for service functionality and legal compliance
  • Timestamps: Required for audit and compliance purposes

All data collection is necessary for our legitimate business purposes and legal compliance requirements.

How We Process Your IP Address

Your IP address is automatically obfuscated by removing the last segment (e.g., 192.168.1.123 becomes 192.168.1.0) to reduce identifiability while maintaining necessary functionality.

Why We Process Your Data

We process this information based on our legitimate interest to:

  • Record and manage your consent preferences to ensure websites only use cookies you've approved
  • Determine your geographic location to show you the appropriate consent banner and privacy notices required by your local privacy laws (GDPR, CCPA, etc.)
  • Maintain audit trails to demonstrate compliance with privacy regulations and prove valid consent was obtained
  • Ensure technical functionality across different browsers and devices
  • Prevent fraud and abuse of our consent management system
  • Provide analytics to website owners about consent rates by general geographic regions

Legal Basis

We process your data under Article 6(1)(f) of the GDPR - legitimate interest. Our legitimate interest is to ensure compliance with privacy laws that require proper consent management, maintain accurate records of user preferences, and provide functional consent management services across different technical environments.

Data Retention

  • Consent records (including consent preferences, timestamps, and obfuscated IP addresses) are retained for the duration set by the website owner, with a maximum of 12 months
  • Browser information is retained with consent records for technical support and compatibility purposes
  • Security logs containing IP addresses are retained for up to 90 days

Your Rights

You have the right to:

  • Request access to your consent data and preferences
  • Request deletion of your consent records (subject to our legitimate interests and legal obligations)
  • Object to processing of your data
  • Update your consent preferences at any time
  • Lodge a complaint with the Data State Inspectorate of Latvia (https://www.dvi.gov.lv) or your local data protection authority

Exercising Your Rights

How to Make a Request

To exercise your data protection rights, please contact us at [email protected] with:

  • Subject line: "Data Protection Request - [Type of Request]"
  • Your request details: Clearly state what you want (access, deletion, portability, etc.)
  • Identification: Provide information to help us locate your data (email address, consent ID if available)

Identity Verification

To protect your privacy and prevent unauthorized access, we may ask you to verify your identity by:

  • Confirming details associated with your account or consent records
  • Responding from the email address associated with your data
  • Providing additional verification if we have reasonable doubts about your identity

Response Timeframes

  • We will acknowledge your request within 3 business days
  • We will respond to your request within 30 days of receipt
  • For complex requests, we may extend this by an additional 60 days and will inform you of any delay
  • All responses are provided free of charge unless requests are manifestly unfounded or excessive

Data Portability

For website owners, we can provide your account data in a structured, commonly used format (JSON/CSV) upon request.

Data Security

Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

  • Encryption: All data is encrypted in transit (TLS/SSL) and at rest using industry-standard encryption
  • Access controls: Strict access controls limit who can access personal data on a need-to-know basis
  • Authentication: Multi-factor authentication available for website owner accounts
  • Infrastructure security: Secure hosting with regular security updates and monitoring
  • Regular backups: Encrypted backups to prevent data loss
  • Security audits: Regular security assessments and vulnerability testing

Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms:

  • We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • We will inform affected users without undue delay via email or prominent notice on our website
  • The notification will include the nature of the breach, likely consequences, and measures taken to address it

Automated Decision Making

We do not use automated decision making or profiling that would significantly affect you. Our system:

  • Does not make automated decisions about individuals
  • Does not create profiles for marketing or other purposes
  • Only processes consent preferences as explicitly provided by users
  • Uses technical data solely for functionality and security purposes

Third-Party Data Processors

We work with the following third-party processors who may handle your personal data:

Processor Service Data Processed Location
Cloudflare DNS, DDoS Protection, WAF IP addresses, technical data Global (GDPR compliant)
Stripe Payment Processing Payment data, billing info Global (Standard Contractual Clauses)
Hetzner Server Hosting All platform data Germany (EU)
Amazon SES Email Services Email addresses, names, email content Global (Standard Contractual Clauses)
Bunny.net Content Delivery Network IP addresses, browser data, access logs EU only (EU company)

We have established Data Processing Agreements (DPAs) with all third-party processors to ensure GDPR compliance and appropriate data protection measures. These agreements define the scope of processing, security requirements, and our respective obligations under data protection law.

Amazon SES - Email Services

We use Amazon Simple Email Service (SES) to send transactional and informational emails to our users, including:

Purpose:

  • Account notifications and confirmations
  • Service updates and important announcements
  • Password reset and security alerts
  • Billing and subscription notifications
  • Customer support communications
  • Marketing newsletters and promotional emails (with your consent)

Data Processed:

  • Email addresses of recipients
  • Names (when provided)
  • Email content and metadata
  • Delivery and bounce information

Legal Basis:

  • Contract (Article 6(1)(b)) for service-related emails
  • Legitimate Interest (Article 6(1)(f)) for service announcements and security notifications
  • Consent (Article 6(1)(a)) for marketing newsletters and promotional communications

Data Location: Amazon SES may process your data in various AWS regions globally under Standard Contractual Clauses approved by the European Commission

Retention: Email delivery logs are retained according to Amazon's data retention policies, typically 14 days for delivery information

Bunny.net - Content Delivery Network

We use Bunny.net, an EU-based company, as our content delivery network to improve website performance and deliver our consent management scripts efficiently. Our Bunny.net configuration is specifically set to route all traffic through EU servers only.

Purpose:

  • Faster loading of consent management scripts and resources
  • Improved website performance and reliability
  • Reduced server load and bandwidth usage
  • EU-only content distribution

Data Processed:

  • IP addresses (for geographic content delivery optimization)
  • Browser and device information
  • Access logs and timestamps
  • Requested content URLs and referrer information

Legal Basis: Legitimate Interest (Article 6(1)(f)) for service functionality and performance optimization

Data Location: All data is processed and stored exclusively within the European Union through our EU-only server configuration

Data Retention: CDN access logs are typically retained for up to 30 days for operational purposes and security monitoring

Business Changes

Privacy Policy Updates

  • We may update this privacy policy from time to time to reflect changes in our practices or legal requirements
  • Material changes will be communicated via email to registered users and prominent notice on our website
  • Minor updates will be posted on our website with the updated date
  • Continued use of our services after changes indicates acceptance of the updated policy

Business Transfers

In the event of a merger, acquisition, or sale of assets:

  • Your personal data may be transferred to the new entity
  • We will notify you at least 30 days before any such transfer
  • The new entity will be bound by the same privacy commitments outlined in this policy
  • You will have the right to delete your data before any transfer if you object
  • All data protection rights will continue to apply under the new ownership

Consent Management Specifics

Consent Withdrawal

You can easily withdraw your consent at any time:

  • On websites: Click the consent banner or cookie settings link to modify your preferences
  • Complete withdrawal: Set all non-essential cookie categories to "No"
  • Immediate effect: Changes take effect immediately and are respected by the website
  • No consequences: Withdrawing consent will not affect the lawfulness of processing before withdrawal

Cross-Device Tracking

We do not link or track consent across different devices. Each device maintains its own separate consent record, ensuring your privacy choices remain device-specific.

Consent Proof and Records

We maintain detailed records to demonstrate valid consent was obtained:

  • Timestamp of when consent was given or withdrawn
  • Consent ID for unique identification of each consent record
  • Specific preferences for each cookie category
  • Method of consent (banner interaction, settings page, etc.)
  • Obfuscated IP address for geographical context
  • Browser information to ensure technical compatibility
  • Website URL where consent was recorded

These records serve as proof of valid, informed consent and can be provided to data protection authorities or users upon request.

Data Sharing

We do not sell your consent data or personal information. We may share your data only in the following circumstances:

  • With website owners who use our platform (consent preferences and obfuscated analytics only)
  • When required by law or legal process
  • With our service providers who help us operate our platform (under strict data processing agreements)

International Transfers

Your consent data is processed and stored primarily within the European Union. When we use third-party services that may process data outside the EU (such as Amazon SES), we ensure appropriate safeguards are in place:

  • Standard Contractual Clauses approved by the European Commission
  • GDPR compliance frameworks maintained by service providers
  • Data Processing Agreements ensuring adequate protection levels

Note: Bunny.net processes all data exclusively within the EU through our configured EU-only routing.

Website Owner Account Data

What We Collect from Website Owners

When website owners register for our consent management platform, we collect:

Data collected directly from you:

  • Name for account identification and communication
  • Email address for account access, notifications, and support
  • Password (encrypted) for secure account access
  • Two-factor authentication data (if enabled) including backup codes for enhanced security
  • Profile photo (optional) for account personalization

Data collected automatically:

  • Account creation and update timestamps for security and audit purposes

Data processing requirements:

  • Name and email: Required to provide our services (contractual necessity)
  • Password and 2FA: Required for account security
  • Timestamps: Required for security and audit purposes
  • Payment information: Required for billing (processed through Stripe)

Payment information processed through Stripe including billing details, payment methods, and transaction history

Why We Process Website Owner Data

We process this information based on:

  • Contractual necessity (Article 6(1)(b) GDPR) to provide our consent management services
  • Legal obligation (Article 6(1)(c) GDPR) for tax, accounting, and regulatory compliance
  • Legitimate interest (Article 6(1)(f) GDPR) for fraud prevention, security, and customer support

Payment Processing

Payment data is processed by Stripe, our payment processor. Stripe maintains PCI DSS compliance and processes payment information according to their privacy policy. We do not store complete payment card details on our servers.

Data Retention for Website Owners

  • Account data is retained while your account is active and for up to 7 years after account deletion for legal and tax obligations
  • Account deletion: You can cancel your account at any time. Your account data will be deleted after your current paid subscription period expires
  • Payment records are retained for up to 7 years for accounting and tax compliance
  • Security logs are retained for up to 90 days

Security Infrastructure

We use Cloudflare for DNS management, DDoS protection, and Web Application Firewall (WAF) services to ensure secure and reliable access to our platform. When you interact with our services:

  • Cloudflare processes your IP address and other technical data for security analysis and threat protection
  • DNS queries are processed to route traffic to our servers
  • Security logs are maintained for DDoS mitigation and attack prevention
  • Data is processed according to Cloudflare's privacy policy and data processing agreement with GDPR compliance frameworks for EU users

Content Delivery Network (CDN)

We use Bunny.net, an EU company, as our content delivery network to ensure fast and reliable delivery of our consent management scripts. When you interact with websites using our platform:

  • Bunny.net processes your data exclusively within the European Union through our configured EU-only server routing
  • Data is processed according to their privacy policy and data processing agreement

Our Own Cookies

Our platform uses cookies to function properly. For detailed information about the cookies we use on our own website and platform, please see our Cookie Policy.

Legal Basis Summary

Data Type Legal Basis Purpose
Consent preferences, timestamps, obfuscated IP Legitimate Interest (Art. 6(1)(f)) Consent management, compliance, geolocation
Website owner name, email Contract (Art. 6(1)(b)) Service provision
Payment data Contract (Art. 6(1)(b)) Billing and payment processing
Security logs Legitimate Interest (Art. 6(1)(f)) Fraud prevention, security
Browser information Legitimate Interest (Art. 6(1)(f)) Technical functionality
Email communications Contract (Art. 6(1)(b)) / Legitimate Interest (Art. 6(1)(f)) / Consent (Art. 6(1)(a)) Service delivery, notifications, newsletters

Children's Privacy

Our consent management platform is not intended for use by children under 16 years of age. We do not knowingly collect personal data from children under 16. If you are under 16, please do not use our services or provide any personal information.

If we become aware that we have collected personal data from a child under 16 without appropriate parental consent, we will take steps to delete such information promptly. If you believe we may have collected information from a child under 16, please contact us at [email protected].