1. Data Controller

The data controller is Dominik Kmoch (hereinafter “Controller”), operator of the ConsentBadge web application available at consentbadge.com.

2. What Data We Process

ConsentBadge is designed with minimal data collection. We do not process any data that would directly identify a specific individual.

2.1 Technical Logs

The Vercel hosting platform automatically records technical access data:

IP address (automatically anonymized)
Browser User-Agent
Access timestamp
Requested URL

These logs are retained by the hosting provider (Vercel Inc.) for a limited period and are used exclusively to ensure the security and stability of the service.

2.2 Banner Configuration

Your banner configuration (design, texts, categories) is stored only in your browser's localStorage. This data never leaves your computer and the Controller has no access to it.

3. Cookies

ConsentBadge uses the following cookies:

Cookie	Purpose	Expiration	Type
`locale`	Interface language preference (CS/EN)	1 year	Functional

No analytical, marketing, or tracking cookies are used.

4. localStorage

The following data is stored in the browser's localStorage:

Key	Purpose	Data
`consentbadge-config`	Storing the banner configuration in progress	Design, texts, categories, settings
`theme`	Editor dark/light mode preference	"light" or "dark"

This data is stored exclusively in your browser and can be deleted at any time by clearing the website data in your browser settings.

5. Distinction: Editor vs. Generated Banner

It is important to distinguish between:

ConsentBadge editor (consentbadge.com) — this website, governed by this policy
Generated banner — the code you deploy on your website. Data processing by the generated banner is controlled by you as the operator of the target website

6. Third Parties

The Service uses the following third parties:

Vercel Inc. — web application hosting. Processes technical logs. Privacy Policy
Google Fonts — loading the Plus Jakarta Sans font. Google may process the IP address when downloading the font. Privacy FAQ

7. Security

The Service implements the following security measures:

HTTPS encryption for all communications
Content Security Policy (CSP) headers
HTTP Strict Transport Security (HSTS)
Protection against XSS and injection attacks

8. Data Subject Rights

Under GDPR Regulation (EU) 2016/679, you have the right to:

Access your personal data
Rectification of inaccurate data
Erasure of data (“right to be forgotten”)
Restriction of processing
Data portability
Object to processing
Lodge a complaint with a supervisory authority

Given the minimal scope of data processed, some rights may only be exercisable to a limited extent.

9. Children

The Service is not intended for persons under the age of 16. We do not knowingly collect data from children.

10. Changes to This Policy

The Controller reserves the right to update this policy at any time. The current version is always available on this page.

11. Contact

To exercise your rights or for questions regarding data protection, please contact the Controller via GitHub Issues.

Privacy Policy