Features Scanner Design How it works Legal proof Compare Pricing FAQ
Get started
Legal

Privacy Policy

How we handle data on shieldconsent.com and within our Software.

Last updated: January 1st, 2026

1. Who we are

ShieldConsent ("we", "us", "our") operates the website shieldconsent.com (the "Website") and develops the ShieldConsent plugin (the "Software").

For any privacy-related inquiry, you can reach us at: info@shieldconsent.com

2. Scope of this policy

This Privacy Policy covers two distinct contexts:

  • The Website (shieldconsent.com) — when you visit our site, create an account, purchase a license, or contact us.
  • The Software (ShieldConsent plugin) — when you install and use the plugin on your own WordPress site.

These two contexts involve fundamentally different data flows, which is why they are addressed separately below.

3. Data we collect on the Website

3.1 Information you provide

  • Contact form: name, email address, and the content of your message. Used solely to respond to your inquiry.
  • License purchase: name, email address, billing information. Payment processing is handled by our payment processor — we do not store credit card numbers on our servers.
  • Account creation: email address and password (hashed). Used for license management and access to your customer area.

3.2 Information collected automatically

  • Server logs: IP address, browser type, operating system, referring URL, pages visited, and access timestamps. Retained for security and diagnostic purposes.
  • Cookies: see Section 5 below for full details.

3.3 Information we do not collect

We do not use any third-party analytics, advertising, or tracking services on shieldconsent.com. There is no Google Analytics, no Facebook Pixel, no marketing tracking of any kind.

4. Data processed by the Software

4.1 Self-hosted architecture

ShieldConsent is a 100% self-hosted plugin. All consent data, cookie scan results, configuration, and consent logs are stored exclusively in your WordPress database on your own server. We have no access to this data.

4.2 Outbound connections

The Software makes a limited number of outbound connections, none of which involve visitor personal data:

ConnectionData transmittedPurpose
License verification License key, site URL, plugin version Validate your license status
Update check Plugin version, site URL, WordPress version Check for available updates
Geolocation (optional) Visitor IP address Determine visitor country for consent mode selection

The geolocation feature is disabled by default and only activated if you explicitly enable it. When enabled, the visitor's IP address is sent to a third-party geolocation provider that you configure. We recommend reviewing the privacy policy of your chosen provider.

4.3 We are not a data processor

Because we do not collect, receive, store, or process any personal data from your website visitors, ShieldConsent does not act as a data processor under GDPR Article 28. You are the sole data controller for all consent data on your infrastructure. No Data Processing Agreement (DPA) is required with us.

5. Cookies on the Website

shieldconsent.com uses the following cookies:

CookieCategoryPurposeDuration
shieldconsent_consent Essential Stores your cookie consent preferences 12 months
shieldconsent_consent_front Essential JavaScript-readable mirror of your consent state 12 months
wordpress_logged_in_* Essential WordPress authentication (logged-in users only) Session
wp_lang Essential Stores your language preference Session

We do not use analytics, marketing, or advertising cookies. You can manage your cookie preferences at any time by clicking the cookie icon at the bottom of any page.

6. Legal basis for processing

We process personal data on the following legal bases (GDPR Article 6):

  • Contract performance (Art. 6(1)(b)) — processing your purchase, managing your license, providing support.
  • Legitimate interest (Art. 6(1)(f)) — server logs for security, fraud prevention, and service improvement.
  • Consent (Art. 6(1)(a)) — when you contact us via the contact form or subscribe to communications.
  • Legal obligation (Art. 6(1)(c)) — tax and accounting records as required by French law.

7. Data retention

  • Contact form messages: retained for 12 months after your last interaction, then deleted.
  • License and purchase records: retained for the duration of your customer relationship plus 5 years (French legal requirement for commercial records).
  • Server logs: retained for 12 months, then automatically purged.
  • Account data: retained until you request deletion of your account.

8. Data sharing

We do not sell, rent, or trade your personal data. We share data only with the following categories of recipients, solely as necessary to operate our service:

  • Payment processor: to process your license purchase. They receive billing information directly — we do not store credit card numbers.
  • Hosting provider (OVH, France): our website is hosted in the EU. OVH processes server data as a sub-processor under a DPA.
  • Email service: to send transactional emails (license delivery, support replies). Your email address is shared with our email provider.

All our service providers are established in the European Union or provide adequate safeguards as required by GDPR Chapter V.

9. International data transfers

Our Website and all associated services are hosted within the European Union (France). We do not transfer personal data outside the EU/EEA. If this changes in the future, we will update this policy and ensure appropriate safeguards are in place (Standard Contractual Clauses or adequacy decision).

10. Data security

We implement appropriate technical and organizational measures to protect your personal data, including:

  • HTTPS encryption on all connections
  • Hashed and salted password storage
  • Regular security updates and patching
  • Access controls limiting data access to authorized personnel only
  • Regular backups with encrypted storage

11. Your rights

Under the General Data Protection Regulation (GDPR), you have the following rights regarding your personal data:

  • Right of access (Art. 15) — obtain a copy of the personal data we hold about you.
  • Right to rectification (Art. 16) — request correction of inaccurate data.
  • Right to erasure (Art. 17) — request deletion of your personal data.
  • Right to restriction (Art. 18) — request restriction of processing in certain circumstances.
  • Right to data portability (Art. 20) — receive your data in a structured, machine-readable format.
  • Right to object (Art. 21) — object to processing based on legitimate interest.
  • Right to withdraw consent (Art. 7(3)) — withdraw consent at any time, without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at info@shieldconsent.com. We will respond within 30 days.

You also have the right to lodge a complaint with a supervisory authority. In France, the competent authority is the Commission Nationale de l'Informatique et des Libertés (CNIL)www.cnil.fr.

12. Children's privacy

Our Website and Software are not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a child under 16, we will delete it promptly.

13. Changes to this policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last updated" date. We will notify licensed customers of material changes via email. Continued use of the Website or Software after changes constitutes acceptance of the updated policy.

14. Contact

For any questions or requests regarding this Privacy Policy or your personal data: