Privacy policy

TL;DR: CookieVault’s privacy policy is short because we collect almost nothing — an email, an opaque encrypted sync blob we cannot read, and a billing ID. We never see your cookies, your browsing history, your IP, or any telemetry, and we never sell data.

A privacy policy is the document that tells you exactly what data a service collects about you, why, how long it keeps it, who it shares it with, and what rights you have over it. CookieVault’s policy is unusually short because the product is built so that we hold as little of your data as technically possible: cookie contents are end-to-end encrypted on your device before they reach us, so the server only ever stores ciphertext it cannot decrypt.1

What we collect

In short: For paid accounts: your email, an opaque encrypted sync blob, and a Paddle customer ID. For Free local-only users: nothing, because there is no account. Article 5(1)(c) of the GDPR calls this data minimisation — “adequate, relevant and limited to what is necessary”2 — and it is the design rule the whole product follows.

| Data we collect | Purpose | Who has it | Can we read it? |
|---|---|---|---|
| Email address | Login, receipts, security notices | CookieVault | Yes |
| Opaque sync blob | Cross-device encrypted cookie sync | CookieVault | No — ciphertext only |
| Paddle customer ID | Billing and tax processing | CookieVault | Yes (an opaque ID) |
| Payment card details | Charging your subscription | Paddle only | No — we never receive it |
| Support email content | Answering your support request | CookieVault | Yes, until ticket closure |

Free users who never create an account generate none of the above. The extension stores your cookies and profiles locally and makes no network calls unless you explicitly enable sync on a paid plan.

What we never collect

In short: We never collect the contents of your cookies, your browsing history, your IP address, or behavioral telemetry. The GDPR principle is that the lawful basis for processing must be specific — and we simply have no basis, and no desire, to gather any of this.2

The list of things CookieVault deliberately does not collect:

  1. Cookie contents — encrypted on-device before sync; we store only ciphertext
  2. Browsing history — the extension never reads or transmits the pages you visit
  3. IP addresses — our analytics are cookieless and aggregate-only, with no per-visitor IP logging
  4. Device fingerprints — no canvas, no WebGL, no font enumeration
  5. Behavioral telemetry — the extension ships with zero analytics SDKs
  6. Third-party ad identifiers — we run no advertising and integrate no ad networks

Our website analytics are Cloudflare Web Analytics and Plausible, both cookieless and aggregate-only by design, which is why this site shows no cookie-consent banner — there is nothing to consent to.

Your rights

In short: Under the GDPR, CCPA, and LGPD you have rights of access, deletion, correction, portability, and objection. Email [email protected] and we respond within 30 days. Because most of what we hold is ciphertext we cannot read, deletion is fast and verifiable.

The rights you can exercise, by framework:

To exercise any right, email [email protected] from your account address. We do not charge a fee for reasonable requests and aim to respond within 30 days.

Retention

In short: Account data is kept until you delete your account, plus a 30-day grace window, then purged. Encrypted blobs live until you delete them client-side. Billing records are kept as long as tax law requires (commonly up to seven years), and only by Paddle.

| Data type | Retention period | Trigger to delete |
|---|---|---|
| Account email | Until account deletion + 30-day grace | You delete your account |
| Encrypted sync blob | Until you delete it from the client | Client-side delete |
| Support correspondence | Until ticket closure + 12 months | Automatic purge |
| Billing/invoice records | As required by tax law, commonly up to 7 years | Statutory minimum (Paddle) |

Subprocessors

In short: Exactly two — Cloudflare for hosting and sync transit, and Paddle as our Merchant of Record for billing. No analytics processors receive personal data, and we use no advertising networks or data brokers. A current list is maintained here.

| Subprocessor | Role | Data they handle | Location |
|---|---|---|---|
| Cloudflare | Hosting, sync API, encrypted storage | Opaque ciphertext, request metadata | Global edge |
| Paddle | Merchant of Record, billing, tax | Name, email, payment details, invoices | Global |

Cloudflare only ever sees encrypted blobs and routine request metadata; it never holds keys.6 Paddle, as Merchant of Record, handles payment data and VAT/sales-tax compliance across 100+ jurisdictions, which is why your card details reach Paddle and never us.7 If we ever add or change a subprocessor, we will update this table and notify Pro subscribers in advance.

Footnotes

  1. “End-to-end encryption” means data is encrypted on the sender’s device and decrypted only on the recipient’s, so intermediaries store ciphertext they cannot read. For background see Mozilla’s privacy documentation: https://developer.mozilla.org/en-US/docs/Web/Privacy.

  2. GDPR Article 5(1) sets out the data-minimisation and purpose-limitation principles. Official consolidated text: https://gdpr-info.eu/art-5-gdpr/.

  3. GDPR data-subject rights are defined in Articles 15–22. See the UK Information Commissioner’s Office guidance: https://ico.org.uk.

  4. The California Consumer Privacy Act, as amended by the CPRA, is summarized by the California Attorney General: https://oag.ca.gov/privacy/ccpa.

  5. Brazil’s Lei Geral de Proteção de Dados (LGPD, Lei 13.709/2018) is administered by the ANPD: https://www.gov.br/anpd/pt-br.

  6. Cloudflare’s own privacy commitments are published here: https://www.cloudflare.com/privacypolicy/.

  7. Paddle acts as Merchant of Record, taking on tax and payment compliance. Privacy details: https://www.paddle.com/legal/privacy.