The Consent Kit
Privacy Policy
Last updated: July 3, 2026 · [confirm: review with counsel before launch]
We sell tools for doing cookie consent honestly, so this policy tries to be what
privacy policies usually aren't: short, specific, and true. It covers the website,
the free scanner, and the Consent Kit purchase.
What we collect, and why
- Free scans. The URL you scan and the resulting report. Reports are kept for
7 days, then deleted. We rate-limit by a hashed form of your IP address.
- Report email. If you ask for a full report, we store your email and send a
verification link that expires in 72 hours. We add you to our marketing list only
if you tick the separate opt-in box, and we keep a record of that consent (timestamp,
the text you saw, your choice).
- Purchases. Payment is processed by Stripe; card details never touch our servers.
We store your email, the product, the amount, and your permanent access token so you can
always reach your kit.
- Consent choices on this site. Your cookie choice is stored in your own browser
(localStorage), first party only. See the next section.
Cookies and tracking on this site
We run the same banner and deny-by-default Consent Mode setup that we sell.
Right now this site loads no third-party advertising or analytics trackers.
If we add analytics later, it will load only per your consent choice, which you can
change any time via the Cookie preferences link in the site footer.
We honor Global Privacy Control: if your browser sends it, ad-related signals stay
denied even if you click Accept.
Who processes data for us
- Stripe — payments and receipts.
- Resend — transactional email (report links, kit access) and, with your opt-in, marketing email.
- Steel — headless browser infrastructure that performs the scan you request.
- [confirm: hosting provider, e.g. Fly.io, and any others]
Your rights
You can ask us what we hold about you, ask us to correct it, or ask us to delete it.
Unsubscribe links are in every marketing email. For anything else, write to
hello@theconsentkit.com
[confirm: support address] and we'll respond within 30 days.
Where we're based
[confirm: controller legal name, jurisdiction, and EU/UK representative if required]