Privacy Policy

Last updated: 15 March 2025

1. About CookieSeal

CookieSeal ("we", "us", or "our") is a cookie consent management service operated by Hostao LLC, a limited liability company registered in Wyoming, USA.

Our service allows website owners ("Customers") to embed a consent banner on their websites to collect and log cookie consent from their end-users ("Visitors") in compliance with the EU General Data Protection Regulation (GDPR) and India's Digital Personal Data Protection Act (DPDPA).

This Privacy Policy describes how we collect, use, and protect information when you use the CookieSeal website at cookieseal.com and its associated services.

2. Information We Collect

2.1 Account Information (Customers)

When you create a CookieSeal account, we collect:

  • Full name
  • Email address
  • Password (stored as a secure hash via Supabase Auth — we never see it in plaintext)
  • Billing information (handled by Stripe — we do not store card numbers)

2.2 Site Configuration Data (Customers)

When you register a website, we store:

  • Domain name
  • Banner configuration (colors, text, position, privacy URL)
  • Unique site key

2.3 Consent Logs (End-User Visitors)

When a Visitor interacts with a CookieSeal banner on a Customer's website, we log:

  • A hashed (SHA-256) IP address — one-way hash; we cannot recover the original IP
  • Consent choices (which cookie categories were accepted: Necessary, Analytics, Marketing, Preferences)
  • Timestamp
  • User agent string (browser and OS)

We do not collect names, email addresses, or any other personally identifiable information from your website's Visitors.

2.4 Usage & Analytics

We may collect standard server-side analytics (page views, API request counts) for operational purposes. We do not use third-party tracking scripts on cookieseal.com.

3. How We Use Your Information

  • To provide, maintain, and improve the CookieSeal service
  • To process payments and manage subscriptions via Stripe
  • To send transactional emails (account confirmation, billing receipts, support)
  • To provide Customers with consent audit logs for their compliance records
  • To detect and prevent fraud or abuse
  • To comply with applicable laws and regulations

We do not sell your personal information to third parties. We do not use your data for advertising.

4. Data Sharing

We share data only with trusted service providers necessary to operate CookieSeal:

  • Supabase — database and authentication hosting (EU region available)
  • Stripe — payment processing (PCI DSS Level 1 certified)
  • Vercel — application hosting and edge delivery

Each provider has their own privacy policy and data processing agreements. We do not share data with any other third parties.

5. Data Retention

  • Account data: retained while your account is active. Deleted within 30 days of account deletion.
  • Consent logs (Free plan): retained for 30 days.
  • Consent logs (Pro plan): retained for 1 year.
  • Consent logs (Business plan): retained indefinitely.

6. Cookies on CookieSeal.com

CookieSeal.com uses only essential cookies required for authentication and session management (via Supabase Auth). We do not use tracking, analytics, or advertising cookies on our own website.

Cookies we set:

  • sb-* — Supabase session cookies (authentication, session token)

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access — request a copy of the data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your account and associated data
  • Portability — request export of your data in a machine-readable format
  • Objection — object to processing in certain circumstances

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

8. Security

We implement appropriate technical and organizational measures to protect your data:

  • All data transmitted over HTTPS/TLS
  • Passwords stored using bcrypt hashing via Supabase Auth
  • IP addresses are hashed (SHA-256) before storage — never stored in plaintext
  • Row Level Security (RLS) enforced at the database level
  • Stripe handles all payment card data (we never touch raw card numbers)

9. International Data Transfers

CookieSeal is operated from the United States (Hostao LLC, Wyoming). Data may be processed in the US and/or EU depending on Supabase region configuration. By using CookieSeal, you acknowledge this cross-border transfer.

For EU/EEA customers, we rely on Standard Contractual Clauses (SCCs) with our sub-processors where applicable.

10. Children's Privacy

CookieSeal is not directed to children under 18. We do not knowingly collect personal information from minors. If you believe a minor has provided us with personal data, contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will notify registered Customers of material changes via email. The "Last updated" date at the top of this page indicates when the policy was last revised. Continued use of CookieSeal after changes constitutes acceptance of the updated policy.

12. Contact Us

For privacy-related questions or requests:

Hostao LLC

30 N Gould St, Ste R, Sheridan, Wyoming 82801, USA

Email: [email protected]

Website: cookieseal.com