ConsentKeys

Legal

Privacy Policy

ConsentKeys exists to protect personal data. This policy explains what we collect on this website, why, and how you stay in control.

Last updated: January 27, 2026

1. Who we are

ConsentKeys Inc. (“ConsentKeys”, “we”, “us”) operates consentkeys.com and the ConsentKeys authentication platform. Our registered address and Data Protection contact: support@consentkeys.com.

ConsentKeys is built on the principle that you should be able to use the internet without surrendering your personal information. That philosophy applies to our own website too.

2. What this policy covers

This policy covers this marketing website (consentkeys.com) — pages, forms, and analytics. It does not cover the ConsentKeys authentication platform itself; that is governed by our platform-specific Data Processing Agreement provided to business customers.

3. Data we collect on this website

3.1 Analytics (cookieless)

We use a self-hosted, privacy-respecting analytics tool. It collects aggregated, anonymous page view data to help us understand how visitors use the site. Specifically:

  • Page URL and referrer
  • Country (derived from IP, which is never stored)
  • Browser and OS type
  • Session duration (approximate)

No cookies are set. No persistent device identifier is stored. IP addresses are discarded immediately after country derivation. Data cannot be linked back to you personally.

3.2 Session replay (optional)

With your explicit consent (“Accept All”), we may record anonymised session replays — mouse movements, clicks, and scrolls — to identify UX issues. Input fields (forms, passwords) are always masked and excluded. You can withdraw consent at any time by clearing your browser storage for consentkeys.com.

3.3 Contact form

When you submit our contact or sales enquiry form, we collect your name, email address, and the message you write. This is used solely to respond to your enquiry. We do not use it for marketing without your separate consent.

We also use Google reCAPTCHA v3 on contact forms to prevent automated spam. reCAPTCHA collects hardware and software information and sends it to Google. Your use of reCAPTCHA is subject to Google’s Privacy Policy.

3.4 Waitlist

If you join our early-access waitlist, we store your email address to notify you when ConsentKeys is available and to send relevant product updates. You can unsubscribe at any time via the link in any email.

4. Legal basis for processing (GDPR)

For visitors in the European Economic Area (EEA), UK, or Switzerland:

  • Analytics (essential only): Legitimate interest — aggregate, cookieless statistics that cannot identify you.
  • Session replay: Consent — only activated after you click “Accept All”.
  • Contact / sales form submissions: Legitimate interest (responding to your request).
  • Waitlist: Consent — you opted in voluntarily.

5. Cookies and local storage

This website does not set tracking cookies. We store your consent preference (analytics / session replay) in your browser’s localStorage under the keys cookie-consent and session-replay-consent. These are not cookies and are never sent to our servers.

You can clear your preferences at any time by clearing site data in your browser settings.

6. Data sharing and third parties

We do not sell, rent, or trade your personal data. We share data only as follows:

  • Analytics provider: Self-hosted on infrastructure controlled by ConsentKeys. No data leaves our servers.
  • Email delivery: Contact form messages are delivered via a transactional email service (e.g. SendGrid / SMTP relay). Only the message content and your email address are transmitted.
  • Google reCAPTCHA: Used on contact forms. See section 3.3.
  • Legal obligations: We may disclose data if required by law, court order, or to protect our legal rights.

7. Data retention

  • Analytics data: rolling 90-day window, then purged.
  • Session replays: 30 days, then automatically deleted.
  • Contact form messages: retained for up to 12 months, then deleted.
  • Waitlist emails: retained until you unsubscribe or request deletion.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, or restrict processing of your personal data, or to object to certain processing. To exercise any of these rights, email support@consentkeys.com. We will respond within 30 days.

You also have the right to lodge a complaint with your local data protection authority.

9. Security

We apply industry-standard security measures to protect data in transit (TLS) and at rest. Because we collect minimal personal data on this marketing website, the attack surface is intentionally small. If you discover a vulnerability, please report it to support@consentkeys.com.

10. Children

This website is not directed at children under 16. We do not knowingly collect personal data from children. If you believe a child has submitted data to us, contact support@consentkeys.com and we will delete it promptly.

11. Changes to this policy

We may update this policy as our practices evolve. When we do, we will update the “Last updated” date at the top. Material changes will be announced on our website or via email if you are on our waitlist.

12. Contact

Questions about this policy? Reach us at support@consentkeys.com or via our contact form.