Concentio
Features Pricing Documentation Contact
Login Get Started
Language English Deutsch Français Español Italiano Dansk Português Nederlands

Privacy Policy

Last updated: June 7, 2026

This Privacy Policy explains how Concentio collects, uses, and protects personal data. Concentio is a Consent Management Platform (CMP) designed to help website owners manage consent and support their privacy compliance workflows, including under frameworks such as the GDPR and the ePrivacy rules. We take privacy seriously and aim to be transparent about our data practices, both for visitors to this website and for customers who use our platform.

1. Who we are

Concentio is operated by TODO_LEGAL_COMPANY_NAME, registered at TODO_REGISTERED_ADDRESS, Odense, Denmark.

For the purposes of applicable data protection law:

  • Concentio acts as the data controller for personal data collected through this website, through account registration, and in connection with administration, support, and billing for the platform.
  • When customers deploy the Concentio CMP on their own websites, Concentio generally acts as a data processor or service provider on behalf of the customer. In that context, the customer is generally the data controller and is responsible for determining the purposes of processing consent-related data collected through their website.

If you have questions about this Privacy Policy or how we handle personal data, you can contact us at [email protected].

2. Scope of this Privacy Policy

This Privacy Policy applies to:

  • the Concentio marketing website;
  • account registration and administration for the Concentio service;
  • communications with prospective and current customers; and
  • billing and operational data related to the service.

It does not replace the privacy policy of any customer website that uses Concentio. If you are visiting a website that has implemented the Concentio CMP, the operator of that website is responsible for explaining how your personal data is processed on that site.

3. Personal data we collect on this website

When you visit the Concentio marketing website, we collect the personal data that you choose to provide to us.

For example:

  • Contact form data: your name, email address, subject, and message.
  • Signup data: your email address, company name, and password.
  • Technical and security data: in limited cases, we may process technical information such as IP address, browser information, and access logs when needed for security, fraud prevention, troubleshooting, or service administration.

Passwords are stored only in hashed form. We do not store passwords in plain text.

Based on the current website setup, we do not use analytics tracking, advertising pixels, or third-party marketing cookies on this website. The only cookie currently used on the marketing website is a language preference cookie, as described below.

4. Account and service data

When you create and use a Concentio account, we may process data such as:

  • email address;
  • company name;
  • hashed password;
  • account settings;
  • project and domain configuration data;
  • banner configuration data;
  • scan results;
  • operational support records; and
  • billing-related records.

We use this data to provide, maintain, secure, and administer the Concentio service.

We may also process basic technical information, such as IP address and browser user agent, when you access the admin interface, where necessary for authentication, security monitoring, fraud prevention, troubleshooting, and product operations.

5. How Concentio processes customer website consent data

When Concentio is deployed on a customer's website, the Concentio runtime script may process consent-related information from that website's visitors.

Depending on the customer's implementation and configuration, this may include:

  • a randomly generated visitor identifier;
  • consent state, such as accepted, rejected, or category-level choices;
  • timestamp of the consent action;
  • technical metadata such as IP address and user agent; and
  • configuration or audit information needed to maintain a record of consent choices.

This information is processed to provide the CMP service, including consent storage, auditability, configuration, and related product functionality.

In this context, Concentio generally acts only on the customer's behalf and in accordance with the applicable contract or data processing agreement. The customer is responsible for determining the appropriate legal basis, notices, retention periods, and configuration of their implementation.

6. Session-based usage metering

Concentio may count unique visitor sessions for billing and service usage purposes. A session generally represents a unique visitor interaction on a customer's website that triggers CMP functionality.

Session counts are used for usage metering and billing calculations. Where possible, Concentio aims to use data minimization principles for such usage calculations. Monthly aggregated usage records may be retained as part of billing and financial records.

7. Cookies and similar technologies

The Concentio marketing website currently uses a single cookie:

Cookie name Purpose Duration Type
concentio_lang Stores your preferred language setting 1 year Strictly necessary / functional for language preference

This cookie is used to remember your language choice across visits. Based on the current website setup, Concentio does not currently use analytics cookies, advertising cookies, or third-party marketing cookies on its own marketing website.

Please note that when customers deploy the Concentio CMP on their own websites, cookies or similar storage technologies may be used on those customer-controlled domains to store consent choices or related preferences. Those technologies are controlled by the customer in the context of their own website and should be described in the customer's own privacy and cookie notices.

8. How we use personal data

We may use personal data for the following purposes:

  • to respond to inquiries and demo requests;
  • to create and administer accounts;
  • to provide and operate the Concentio service;
  • to manage projects, domains, configurations, and scan results;
  • to process billing and payments;
  • to provide customer support;
  • to monitor, secure, and troubleshoot the service;
  • to maintain internal records related to operations and compliance; and
  • to comply with legal obligations.

9. Legal bases for processing

Where the GDPR or similar laws apply, we rely on one or more of the following legal bases:

  • Contract performance: where processing is necessary to create, provide, and administer your account or to deliver the Concentio service you requested.
  • Pre-contractual steps: where you contact us about the service, request a demo, or otherwise ask us to take steps before entering into a contract.
  • Legitimate interests: where processing is necessary for purposes such as responding to business inquiries, securing the platform, preventing abuse, maintaining records, improving reliability, and administering our operations, provided those interests are not overridden by your rights and interests.
  • Legal obligation: where we need to process data to comply with applicable laws, regulations, tax rules, accounting obligations, or lawful requests.
  • Consent: where consent is required by law for a specific activity.

10. Data sharing

We do not sell or rent personal data to third parties for their own independent marketing purposes.

We may share personal data with service providers where necessary to operate the business and deliver the service, for example:

  • payment providers, such as Stripe, for payment processing;
  • hosting or infrastructure providers;
  • customer support or operational vendors; and
  • professional advisers or authorities where disclosure is legally required.

Where a third party processes personal data on our behalf, we aim to put appropriate contractual and data protection safeguards in place.

When you provide payment information, that information may be processed directly by Stripe in accordance with Stripe's own privacy documentation. Concentio does not store full payment card numbers on its own servers.

11. International transfers

Concentio's infrastructure is hosted in EU West (Netherlands).

If personal data is transferred outside the country or region in which it was originally collected, we will take steps intended to ensure an appropriate level of protection under applicable law. Depending on the circumstances, this may include contractual safeguards such as Standard Contractual Clauses or reliance on another lawful transfer mechanism.

12. Data retention

We retain personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.

As a general rule:

  • Account data is retained while your account remains active and for a limited period afterward as needed for security, support, dispute handling, and legal compliance.
  • Contact form and inquiry data may be retained for a limited period after the inquiry is resolved.
  • Billing and financial records may be retained for the period required by tax, accounting, and legal obligations.
  • Customer-controlled consent records are retained according to the applicable service configuration, contract terms, and customer instructions.

13. Your rights

Subject to applicable law, you may have the right to:

  • request access to the personal data we hold about you;
  • request correction of inaccurate or incomplete data;
  • request deletion of your personal data;
  • request restriction of processing;
  • object to certain processing activities;
  • request data portability, where applicable; and
  • lodge a complaint with a competent data protection authority.

If you want to exercise your rights, please contact us at [email protected].

If you are in the EEA, UK, or another jurisdiction with similar response timelines, we generally aim to respond within the period required by applicable law, which is often one month, subject to any permitted extensions.

If you are a visitor to a website using Concentio, please note that the operator of that website is usually the controller of your consent-related data. In those cases, you should normally direct your request to the website operator first.

14. Children's privacy

Concentio is a business-to-business service and is not directed to children. We do not knowingly collect personal data from children.

If you believe that a child has provided personal data to us in error, please contact us and we will take appropriate steps to review and delete that information where required.

15. Security

We take reasonable technical and organizational measures designed to protect personal data against unauthorized access, loss, misuse, alteration, or disclosure.

These measures may include password hashing, access controls, secure transmission, logging, and other appropriate operational safeguards.

Because no method of transmission or storage is completely secure, we cannot guarantee absolute security.

16. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or data practices.

When we make material changes, we will update the "Last updated" date above and, where appropriate, provide additional notice to registered users or customers.

17. Contact us

If you have questions about this Privacy Policy, about how we handle personal data, or if you want to exercise your privacy rights, please contact us at: