Start for free
Back to home
Note. KookiOk is operated by a private individual. These pages describe current practices and are provided as general information, not legal advice — for any question or request, email contact@kookiok.com.

Data Processing Addendum

Last updated: 8 June 2026

This Addendum describes how KookiOk (operated by a private individual) processes personal data on your behalf. It supplements the Terms of Service.

Roles

For the personal data of your website visitors processed through the KookiOk consent script and dashboard, you are the controller and KookiOk is your processor. You determine the purposes and means; we act on your documented instructions.

Subject matter and duration

KookiOk processes visitor consent data to provide consent capture, storage and proof, cookie and tracker scanning, analytics and reporting, for as long as you use the service.

Categories of data and data subjects

Data subjects are the visitors of your websites. The data processed includes a pseudonymous consent ID, consent choices, a timestamp, an anonymized IP address, the browser user-agent, a Global Privacy Control flag, and derived country and language.

IP addresses are anonymized before storage and no device fingerprinting is used. KookiOk does not intentionally process special categories of personal data.

Our obligations as processor

  • Process personal data only on your documented instructions.
  • Ensure persons authorised to process the data are bound by confidentiality.
  • Implement appropriate technical and organisational security measures.
  • Assist you with data-subject requests and with security and breach obligations.
  • Delete or anonymize the data on termination, as described below.

Sub-processors

You authorise the sub-processors listed in our Privacy Policy — Microsoft Azure (France Central), Azure Communication Services, and Vercel for the marketing website. We will inform you of intended changes and you may object on reasonable data-protection grounds.

Security measures

Measures include EU hosting, encryption in transit, IP anonymization, SHA-256 integrity hashing of consent records, SSRF-protected scanning, access controls and audit logging, and keeping third-party trackers off our surfaces.

International transfers

Infrastructure is located in the European Union. Where personal data is transferred outside the EEA, we rely on appropriate safeguards such as the EU Standard Contractual Clauses.

Data-subject requests and deletion

We assist you in responding to access, erasure and portability requests. Erasure is performed by de-identifying records while preserving the audit trail required by law. On termination, consent data is deleted or anonymized in line with the retention schedule in our Privacy Policy.

Personal data breaches

We will notify you without undue delay after becoming aware of a personal data breach affecting the data we process for you, with the information you reasonably need to meet your own notification obligations.

Audits

On reasonable request, we will make available the information necessary to demonstrate compliance with this Addendum and allow for and contribute to audits, subject to appropriate confidentiality and reasonable notice.

Liability, changes and contact

This Addendum is subject to the liability provisions of the Terms of Service. We may update it to reflect legal or operational changes. Questions: contact@kookiok.com.