ConsentLens

Privacy Policy

Last updated: 24 March 2026

1. Who we are

ConsentLens is a GDPR cookie compliance scanning service operated by Novastack Studio. Our website is consentlens.eu. For any privacy enquiries, contact us at privacy@consentlens.eu.

2. Data we collect

Account data

If you create an account we store your email address, name (optional), and a hashed password. We never store passwords in plain text.

Scan data

When you scan a URL we store the URL, the scan results (cookies detected, trackers, compliance issues, screenshots), and the timestamp. Scan results for publicly accessible URLs may be displayed on a public results page at /scan/[domain] to help other users researching the same site.

Usage analytics

With your consent, we use Google Tag Manager and Google Analytics 4 to collect aggregated, anonymised information about how visitors use the service (pages visited, features used). This data is not linked to your identity. You can decline analytics at any time — see our cookie policy.

Technical log data

Our servers automatically record IP addresses, browser type, and request timestamps for security monitoring and rate limiting. This data is retained for up to 30 days.

3. Legal basis for processing

  • Contract performance — processing your account and scan data to deliver the service you requested.
  • Legitimate interests — server-side security logging and fraud prevention.
  • Consent — analytics cookies (Google Analytics / GTM). You may withdraw this at any time.

4. How we use your data

  • To operate the scanning service and display results to you.
  • To send monitoring alerts and scheduled reports (if you have enabled them).
  • To improve the product using aggregated, anonymised analytics.
  • To detect abuse and enforce our rate limits.

We do not sell your personal data to third parties, use it for advertising, or share it with any third party beyond the service providers listed in section 5.

5. Third-party service providers

Service                    | Purpose           | Basis
Google Analytics 4 / GTM   | Usage analytics   | Consent
Vercel / hosting provider  | Web hosting & CDN | Contract
PostgreSQL (self-hosted)   | Data storage      | Contract

6. Data retention

  • Account data — retained for the lifetime of your account and deleted within 30 days of account closure.
  • Scan results — retained indefinitely to power public compliance pages; you may request deletion (see section 7).
  • Server logs — retained for up to 30 days.
  • Analytics data (if consented) — governed by Google's own retention settings (default: 14 months).

7. Your rights (GDPR)

If you are located in the EU or EEA you have the right to:

  • Access the personal data we hold about you.
  • Rectify inaccurate data.
  • Erase your data (“right to be forgotten”).
  • Restrict or object to certain processing.
  • Receive your data in a machine-readable format (data portability).
  • Withdraw consent for analytics at any time via our cookie settings.

To exercise any of these rights, email privacy@consentlens.eu. We will respond within 30 days. You also have the right to lodge a complaint with your national supervisory authority.

8. Cookies

For a full breakdown of the cookies we use, how they work, and how to manage your preferences, see our Cookie Policy.

9. Changes to this policy

We may update this policy from time to time. Material changes will be flagged by updating the “Last updated” date at the top. Continued use of the service after changes constitutes acceptance.

10. Contact

ConsentLens · privacy@consentlens.eu