Legal
Privacy Policy
Last updated: March 2026
Who we are and our role
getconsent.io provides consent management software that helps website operators collect and record cookie and similar consent choices. When you use our service for your sites, we act as a data processor on your instructions. You are typically the data controller for your end visitors' personal data in connection with that use. This policy describes how we handle information when you use getconsent.io.
What data we collect
Depending on how you use the service, we may process:
- Account data: email address, name (if provided), and a password stored using a one-way hash — not plain text.
- Billing data: information processed by Stripe when you subscribe or pay (e.g. payment method metadata, invoices), as described in Stripe's policies.
- Consent events: records of consent actions (such as accept, reject, or preference changes), timestamps, and identifiers tied to your site (e.g. site ID). We do not intentionally collect personal information about your end visitors from the widget for these events.
Widget loading and IP addresses
The embeddable widget performs a configuration request when it loads on a visitor's page. Like any normal web request, our servers and infrastructure may receive technical data including IP addresses in standard HTTP access logs. We do not store visitor IP addresses in our application database for consent analytics. However, IP addresses and similar metadata may appear in infrastructure or hosting logs (for example Vercel) and database provider logs (for example Neon) according to those providers' retention and security practices.
Cookies and local storage
For the dashboard, we use session cookies as part of NextAuth (or equivalent) to keep you signed in securely.
The embeddable consent widget stores preferences in the visitor's browser using localStorage, not cookies, for the consent UI behavior on your site.
Third-party services
We rely on subprocessors and integrations including:
- Stripe — payments and billing.
- Neon — hosted PostgreSQL database.
- Vercel — hosting and related analytics or performance insights where enabled.
- Google — if you choose to sign in with Google OAuth, Google processes authentication data according to its terms and privacy notices.
How long we keep data
- Consent events are stored without a fixed deletion schedule (indefinitely) so you have a long-term record of consent choices, unless you request deletion or we are required to remove data under applicable law.
- Account data is kept until you delete your account; some billing or legal records may be retained for a period afterward as required by law or legitimate business needs.
Your rights
Depending on where you live, you may have rights to access, correct, delete, or restrict certain processing of your personal data, and to object or lodge a complaint with a supervisory authority. To exercise rights related to your getconsent.io account, contact us at support@getconsent.io.
Contact
Questions about this policy: support@getconsent.io
Not legal advice. This policy describes how getconsent.io handles data. It does not tell you whether your use of the service satisfies GDPR, CCPA, or other laws in your situation. Consult a qualified lawyer for legal advice.