Privacy Policy — our website
This Privacy Policy explains how our website ("we", "us", "our") collects, uses and protects your personal data when you visit or use our website (your website), and the rights you have under the EU General Data Protection Regulation (GDPR).
We are the "controller" of your personal data, which means we decide how and why it is processed. If you have any questions about this policy, contact us using the details at the end.
Who we are
our website is the controller responsible for your personal data in connection with our website.
You can reach us using the contact details at the end of this policy.
For any data protection matters, contact us at [your contact email].
The personal data we collect
Depending on how you use our website, we may collect the following categories of personal data:
| Category | Examples | Why we use it | Legal basis (GDPR Art. 6) |
|---|---|---|---|
| Identity & contact data | your name, email address and (where you provide it) phone number | to identify you, communicate with you and provide our services | performance of a contract with you, or your consent |
| Account data | your username, a hashed password and your profile or account settings | to create and administer your account | performance of a contract with you |
| Usage & analytics data | pages you visit, features you use, referring URLs and interaction events | to understand how our service is used and to improve it | your consent (for non-essential analytics), or our legitimate interests |
| Device & log data | your IP address, browser type, device identifiers, operating system and access timestamps | to operate and secure the service, prevent abuse and troubleshoot problems | our legitimate interests and, where applicable, a legal obligation |
Tip: keep this aligned with what your forms, analytics and integrations actually collect.
How and why we use your data
We use your personal data only for the purposes set out above, and we rely on the corresponding legal basis under Article 6 of the GDPR. Where we rely on consent — for example for non-essential analytics or marketing — you can withdraw it at any time.
We do not use your personal data for automated decision-making that produces legal or similarly significant effects about you.
Cookies and tracking
We use cookies and similar technologies to operate the site and, where you consent, to analyse usage and personalise content and advertising. For details of the specific cookies we use and how to manage them, see our Cookie Policy.
Who we share your data with
We share personal data with service providers ("processors") who act on our instructions, including: Google Analytics 4 (GA4). Each processes data under a contract that requires appropriate safeguards.
We do not sell your personal data.
We may also disclose personal data where required by law, to enforce our terms, or to protect our rights, users or the public.
International transfers
Some of our processors are based outside the European Economic Area. Where your personal data is transferred internationally, we ensure an appropriate safeguard is in place — typically the European Commission's Standard Contractual Clauses or a transfer to a country covered by an adequacy decision.
You can request more information about these safeguards using the contact details below.
How long we keep your data
We keep personal data only for as long as necessary for the purposes described in this policy, including to meet legal, accounting or reporting requirements.
When we no longer need your data, we securely delete or anonymise it. Account data is generally kept while your account is active and for a limited period afterwards; billing records are kept for the period required by tax law.
How we protect your data
We use appropriate technical and organisational measures to protect personal data against loss, misuse and unauthorised access — including encryption in transit, access controls and regular review of our processors.
No method of transmission or storage is completely secure, but we work to protect your data and to notify you and the relevant authority of a breach where the law requires.
Your rights under the GDPR
You have the right to access your personal data; to have it corrected or erased; to restrict or object to its processing; to data portability; and, where we rely on consent, to withdraw that consent at any time without affecting prior processing.
To exercise any of these rights, contact us using the details below — we will respond within the time limits the GDPR requires. You also have the right to lodge a complaint with your national data protection authority.
Children's privacy
Our service is not directed at children, and we do not knowingly collect personal data from children below the age of digital consent in their country. If you believe a child has provided us with personal data, contact us and we will delete it.
Changes to this Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "last updated" date below and, where appropriate, notify you.
Contact us
If you have any questions about this Privacy Policy or how we handle your personal data, contact us at [your contact email].
Last updated: 2026-06-14.
This is a generic template provided for convenience and does not constitute legal advice. It is English-only and does not include country-specific requirements or sector-specific obligations. For a localized, counsel-grade privacy policy — plus the full set of GDPR documents (cookie policy, ROPA, data-processing agreement, retention policy and breach procedure) with DOCX export — see CookieSentry's GDPR document program.