Data Processing Agreement
Last updated: 4 April 2026
This DPA forms part of the Terms of Service between the Customer (“Controller”) and SOAK A/S operating as Conzentor (“Processor”).
1. Subject Matter
Processing of personal data in connection with the Conzentor cookie consent management service.
2. Purpose
Recording and storing consent choices, generating consent proof, providing analytics, and managing cookie scanning.
3. Data Subjects
Visitors to the Controller’s website(s) who interact with the consent banner.
4. Types of Personal Data
- Hashed IP addresses
- Country codes
- Consent choices and timestamps
- Hashed user agent strings
- Session identifiers
5. Security Measures
- Encryption in transit (TLS)
- SHA-256 hashing with daily rotating salts
- Row-level security (RLS)
- Regular access reviews and least privilege
6. Sub-processors
- Neon — Database — Frankfurt, DE
- Cloudflare — CDN — Global
- Lemon Squeezy — Billing — US (SCCs in place)
- Resend — Email — US (SCCs in place)
7. Data Breach
Notification within 72 hours of becoming aware of a breach.
8. Data Deletion
Upon termination, data deleted or returned within 30 days.
9. Contact
SOAK A/S — privacy@conzentor.com