Privacy Policy

Last updated: March 1, 2026

1. Who We Are

CookieWard ("we", "us", "our") is a privacy compliance scanning tool offered as a Chrome browser extension and a web platform at cookieward.com. Our mission is to help website owners understand and improve their privacy compliance posture.

2. Data We Collect

2.1 Chrome Extension (Free Tier)

The free version of the CookieWard extension runs entirely client-side. No data leaves your browser. We do not collect, transmit, or store any information about the websites you scan or your browsing activity.

2.2 Web Platform (Authenticated Users)

When you create an account and sign in, we collect:

  • Account information: email address, name, and profile picture (from Google OAuth or email sign-in).
  • Scan results: domain, URL, compliance scores, and scan details — only when you are signed in and scan results are synced to your dashboard.
  • Payment information: managed entirely by Stripe. We store only your Stripe customer ID and subscription status. We never see or store your credit card number.

2.3 Automatically Collected

  • Server logs: IP address, browser type, and request timestamps (standard web server logs, retained for 30 days).
  • Cookies: We use only essential cookies for authentication (session cookies). We do not use analytics or marketing cookies on our website.

3. How We Use Your Data

  • To provide and maintain your account and dashboard.
  • To store and display your scan history.
  • To process payments and manage your subscription.
  • To send transactional emails (magic link sign-in, payment receipts, compliance alerts if you opt in).
  • To improve the service (aggregated, anonymized usage patterns only).

We do not sell, rent, or share your personal data with third parties for marketing purposes.

4. Third-Party Services

We use the following third-party services that may process your data:

  • Google OAuth: for sign-in authentication (Google's privacy policy applies).
  • Stripe: for payment processing (Stripe Privacy Policy).
  • Amazon SES: for sending transactional emails.
  • Turso: for database hosting (data stored in US-East region).
  • Vercel: for web hosting and edge functions.

5. Data Retention

Your account data and scan history are retained as long as your account is active. If you delete your account, we will delete all your personal data within 30 days. Anonymized, aggregated analytics data may be retained indefinitely.

6. Your Rights

Under applicable privacy laws (including LGPD, GDPR, and CCPA), you have the right to:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request correction of inaccurate data.
  • Deletion: request deletion of your personal data.
  • Portability: request your data in a machine-readable format.
  • Opt-out: unsubscribe from non-essential communications.

To exercise any of these rights, contact us at contact@cookieward.com.

7. Security

We implement industry-standard security measures including HTTPS encryption, secure authentication tokens, parameterized database queries, Content Security Policy headers, and strict access controls. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Children's Privacy

CookieWard is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

10. Contact

If you have any questions about this Privacy Policy, please contact us at: contact@cookieward.com

← Back to home