Data Processing & Security
At CookieHub, we take data processing and security seriously. We understand that our customers rely on us to protect their sensitive information, and we are committed to maintaining the highest standards of data privacy and security. On this page, we'll provide an overview of our data processing practices and the measures we take to keep your data safe.
Consent log
CookieHub does not collect or store any sensitive or personal information about your website's end-users. If the consent log feature is enabled for your domain, we only collect and store the necessary data to demonstrate the user's choices as required by GDPR article 7.1.
The consent log data is stored in a secure vault that is separate from other CookieHub services and has built-in safeguards to prevent unauthorized access. Additionally, consent log entries are automatically deleted after 12 months to ensure compliance with data retention policies.
Our objective is to avoid collecting any unnecessary information and maintain transparency regarding the data that we collect or process.
Below is a list of details and their purposes that are stored in the CookieHub consent log:
Property | Details / Purpose |
---|---|
Token | A unique string stored in a CookieHub cookie in the user's browser along with the settings for the cookie categories. This token can be requested from the user to find the entry from the consent log and demonstrate the user's consent choices. |
Url | The full URL that the user was viewing when the cookie settings were configured in the CookieHub widget. |
Widget revision | A reference to the widget revision which was shown at the time the user made their consent choices. |
IP address | The anonymized IP address of the client, with the last part of the IP address replaced with a 0 to avoid the risk of identifying personal information. |
Country | The registered country code for the anonymized IP address block. |
User agent | The user agent string usually containing browser and operating system information. |
Date and time | The date and time of the consent. |
Cookies used by CookieHub
Depending on the policy framework in use, CookieHub may use up to 3 cookies/local storage items to store user consent:
Name | Type | Purpose |
---|---|---|
cookiehub | cookie | Default cookie used by CookieHub to store user consent, region detected, token and more. Further details below. |
cookiehub-ac | local storage | When TCF 2.1/2.2 is in use with Google's Additional Consent Mode, a list of providers that are not registered in the IAB Global Vendor List is stored in this local storage entry. |
euconsent-v2 | cookie | When TCF 2.1/2.2 is in use, the IAB consent string is stored in this cookie. |
cookiehub
To prevent the CookieHub widget from repeatedly appearing for the same user, the cookie choices must be stored in a first-party cookie within the user's browser. The cookie is set to expire after one year by default, but this can be adjusted in the dashboard, in the CookieHub tag in Google Tag Manager, or by modifying the cpm variable in the inline HTML code.
Our aim is to store only necessary information and to be transparent about the data collected and processed. Detailed information about the CookieHub cookie structure and the purpose of each section can be found below.
To avoid issues caused by special characters that are not permitted in cookies, the cookie value is base64 encoded. The base64 encoded value will resemble the following:
eyJhbnN3ZXJlZCI6dHJ1ZSwicmV2aXNpb24iOjMsImRudCI6ZmFsc2UsImFsbG93U2FsZSI6dHJ1ZSwicmVnaW9uIjoiRzAiLCJ0b2tlbiI6IkVqN2FEb0dna2xLbVpUSEVZTWxQTE1Sc1pnOFVGY0hNZkNxblA4N1U3SWhKZnZhY25kTkYxMFlLUHRYcXIxclciLCJ0aW1lc3RhbXAiOiIyMDIyLTEyLTE3VDIzOjE3OjA1LjMxOFoiLCJhbGxBbGxvd2VkIjp0cnVlLCJjYXRlZ29yaWVzIjpbXSwidmVuZG9ycyI6W10sInNlcnZpY2VzIjpbXSwiaW1wbGljaXQiOmZhbHNlfQ==
Once decoded, the value will be structured as a JSON object, similar to this:
{
"answered":true,
"revision":3,
"dnt":false,
"allowSale":true,
"region":"G0",
"token":"Ej7aDoGgklKmZTHEYMlPLMRsZg8UFcHMfCqnP87U7IhJfvacndNF10YKPtXqr1rW",
"timestamp":"2022-12-17T23:17:05.318Z",
"allAllowed":true,
"categories":[],
"vendors":[],
"services":[],
"implicit":false
}
Below is a table that outlines the different properties of the JSON object used by CookieHub, along with their respective details and purposes:
Property | Details / Purpose |
---|---|
answered | Indicates whether the user has made any cookie choices in the CookieHub widget, including allowing all categories, denying all categories or allowing some categories. |
revision | By default, the value of this property is 1. However, if the "Reset consents" button is clicked in the CookieHub Dashboard, the value is increased by 1 each time. If the value of this property is set to a lower number than the current revision for the domain, the user will be prompted to make his or her cookie choices again. |
dnt | If the user's browser sends the "do-not-track" (DNT) flag, this value will be set to true. CookieHub respects the DNT flag and doesn’t automatically load cookie categories used for tracking if the DNT flag is sent. |
allowSale | This property is only used when the CCPA policy framework or IAB GPP is active. It is set to false if the user has opted out of the sale of personal information. |
region | This property displays the region code detected from the user's IP address. |
token | A unique token created for each user that can be used to look up the user's consent in the consent log. |
timestamp | The date and time when the last change to the user's consent was made. |
categories | This property lists the categories enabled for the domain. If the "allAllowed" property is set to true, this property is empty. |
vendors | This property lists the vendors enabled for the domain. If the "allAllowed" property is set to true, this property is empty. |
services | This property lists the services enabled for the domain. If the "allAllowed" property is set to true, this property is empty. |
implicit | This property is set to true if the implicit consent type was enabled, resulting in cookies being set prior to consent. |
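The cookie is stored in the user's browser, so anything that reads it elsewhere should treat it as untrusted input. The following is an added example for Node.js, not CookieHub's own code: it decodes the sample value shown above, checks each property against the JSON types seen in the decoded example, and applies the revision rule from the table. The function names, the length cap, the choice of required properties and the percent-encoding handling are assumptions.

```javascript
// Added example (Node.js), not CookieHub code. The cookie lives in the browser,
// so every field is client-controlled and is validated before use.
const SAMPLE_COOKIE = "eyJhbnN3ZXJlZCI6dHJ1ZSwicmV2aXNpb24iOjMsImRudCI6ZmFsc2UsImFsbG93U2FsZSI6dHJ1ZSwicmVnaW9uIjoiRzAiLCJ0b2tlbiI6IkVqN2FEb0dna2xLbVpUSEVZTWxQTE1Sc1pnOFVGY0hNZkNxblA4N1U3SWhKZnZhY25kTkYxMFlLUHRYcXIxclciLCJ0aW1lc3RhbXAiOiIyMDIyLTEyLTE3VDIzOjE3OjA1LjMxOFoiLCJhbGxBbGxvd2VkIjp0cnVlLCJjYXRlZ29yaWVzIjpbXSwidmVuZG9ycyI6W10sInNlcnZpY2VzIjpbXSwiaW1wbGljaXQiOmZhbHNlfQ=="; // example value from this page

// JSON types per property, taken from the decoded example on this page.
const TYPES = {
  answered: "boolean", revision: "number", dnt: "boolean", allowSale: "boolean",
  region: "string", token: "string", timestamp: "string", allAllowed: "boolean",
  categories: "array", vendors: "array", services: "array", implicit: "boolean",
};
const REQUIRED = ["answered", "revision"]; // assumption: minimum needed by needsReprompt
const MAX_LEN = 4096; // assumption: upper bound on an acceptable cookie value
const has = (o, k) => Object.prototype.hasOwnProperty.call(o, k);

// Returns the decoded consent object, or null if the value is malformed.
function parseCookieHub(raw) {
  try {
    if (typeof raw !== "string" || raw.length === 0 || raw.length > MAX_LEN) return null;
    // Assumption: the value may arrive percent-encoded ("=" sent as "%3D").
    const b64 = decodeURIComponent(raw);
    // Buffer.from silently skips invalid characters, so check the alphabet first.
    if (b64.length % 4 !== 0 || !/^[A-Za-z0-9+/]+={0,2}$/.test(b64)) return null;
    const obj = JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
    if (obj === null || typeof obj !== "object" || Array.isArray(obj)) return null;
    if (!REQUIRED.every((k) => has(obj, k))) return null;
    for (const [key, type] of Object.entries(TYPES)) {
      if (!has(obj, key)) continue; // properties that are absent are not checked
      const actual = Array.isArray(obj[key]) ? "array" : typeof obj[key];
      if (actual !== type) return null;
    }
    // The table gives 1 as the default revision, so anything lower is rejected.
    if (!Number.isInteger(obj.revision) || obj.revision < 1) return null;
    return obj;
  } catch (err) {
    return null; // URIError or SyntaxError: fail closed
  }
}

// Re-prompt rule from the property table: the user has not answered, or the
// stored revision is lower than the domain's current revision.
function needsReprompt(consent, currentRevision) {
  return consent === null || !consent.answered || consent.revision < currentRevision;
}
```

A malformed or tampered value yields `null`, which `needsReprompt` treats the same as a user who has not answered yet.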
cookiehub-ac
Used to store the AC string (Google Additional Consent Mode), which contains a list of consented Google Ad Tech Providers that are not registered with IAB.
An AC string contains the following three components:
- Part 1: A specification version number, such as "1"
- Part 2: A separator symbol "~"
- Part 3: A dot-separated list of user-consented Google Ad Tech Provider (ATP) IDs. Example: "1.35.41.101"
For example, the AC string 1~1.35.41.101 means that the user has consented to ATPs with IDs 1, 35, 41 and 101, and the string is created using the format defined in the v1.0 specification.
Google’s Additional Consent Mode technical specification
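A strict parser for the three-part AC string format described above, as an added example that is not CookieHub's or Google's code. It accepts only the format shown on this page; the function names, the length cap, the handling of an empty list and the rejection of IDs with leading zeros are assumptions.

```javascript
// Added example: strict parser for the three-part AC string format described
// on this page (version, "~", dot-separated ATP IDs).
// Local storage is writable by any script on the origin, so the stored value is
// validated before it is trusted.
const MAX_AC_LEN = 16384; // assumption: sanity cap on the stored string

// Returns { version, atpIds } or null when the string does not match the format.
function parseAcString(ac) {
  if (typeof ac !== "string" || ac.length > MAX_AC_LEN) return null;
  const parts = ac.split("~");
  if (parts.length !== 2) return null; // exactly one "~" separator
  const [version, list] = parts;
  if (!/^[1-9][0-9]*$/.test(version)) return null; // version number, such as "1"
  // Assumption: an empty list after "~" means no ATPs were consented to.
  if (list === "") return { version: Number(version), atpIds: [] };
  // Assumption: ATP IDs are positive integers without leading zeros.
  if (!/^[1-9][0-9]*(\.[1-9][0-9]*)*$/.test(list)) return null;
  const atpIds = [...new Set(list.split(".").map(Number))].sort((a, b) => a - b);
  return { version: Number(version), atpIds };
}

// True only when the string is well formed and lists the given ATP ID.
function hasAtpConsent(ac, atpId) {
  const parsed = parseAcString(ac);
  return parsed !== null && parsed.atpIds.includes(atpId);
}

// Inverse of parseAcString, for writing a validated value back.
function formatAcString(version, atpIds) {
  return `${version}~${[...new Set(atpIds)].sort((a, b) => a - b).join(".")}`;
}

// In a browser: hasAtpConsent(localStorage.getItem("cookiehub-ac"), 35)
// (assumes the entry holds the raw AC string, as described on this page).
```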
euconsent-v2
Used to store the TC string, which contains the transparency and consent established for vendors on IAB’s Global Vendor List (GVL).
Transparency and Consent String with Global Vendor
Security and Data Protection practices
CookieHub is committed to ensuring the highest levels of security and data protection in accordance with ISO 27001, GDPR, and PCI-DSS. Our robust security and management policies are designed to protect the data we store and process, and ensure business continuity.
We store all data in tier 3+ data centers in Europe that are ISO 27001 certified, secure by design, and redundant. Our servers are monitored 24/7, and we have automatic offsite backups in place. We also have policies for vulnerability and patch management, network access, and risk management.
We have built-in data protection safeguards in all our services, including our content delivery network (CDN), which is fully redundant and scalable, distributed across data centers worldwide.
We do not store, track, or process any personal information about end-users, and we anonymize IP addresses in log files to protect user privacy.
Data Processing Agreement (DPA)
In order to comply with GDPR regulations, data controllers are obligated to sign a data processing agreement with any parties that act as data processors on their behalf. A data processor, according to GDPR, is a third party that processes personal data on behalf of a data controller.
For customers with active paid subscriptions who require a signed DPA, we can provide one upon request. To receive a signed DPA, please contact us with your company name, registration number, address, and the primary email address associated with your account.
If you require a custom DPA, we can sign one upon approval by our legal team. Please note that this option is only available for customers with active enterprise subscriptions.
Download CookieHub DPA
Server locations
CookieHub uses a robust infrastructure with multiple cloud hosting providers to ensure the secure storage and processing of data. The data centers are located in Germany, France, and the Netherlands, and all data is encrypted both in transit and at rest. Additionally, CookieHub never shares or sells data to third parties or transfers it outside of the EU and EEA.
The primary cloud provider used by CookieHub is Amazon AWS, which hosts the CookieHub dashboard (dash.cookiehub.com) and provides various core services. It also runs the primary content delivery network (CDN), which serves the CookieHub widget on customer websites. The CDN is distributed across various data centers around the world to minimize latency and ensure the CookieHub widget has minimal impact on website performance.
To provide an alternative content delivery network and consent log storage in data centers operated by a European service provider, CookieHub offers a Europe-only storage option. Customers can switch to this option in the CookieHub dashboard under the Settings tab. The cloud providers used for European storage are Scaleway SAS and BunnyWay d.o.o., with consent log data stored in the Netherlands and France.
Sub-processors
CookieHub has a globally distributed infrastructure, powered by top-tier cloud service providers. Here is a list of sub-processors that we collaborate with:
Entity Name | Entity Location | Processing Location | Purpose |
---|---|---|---|
Amazon Web Services Inc. | United States | Germany, United Kingdom | Cloud hosting, data storage, monitoring and security solutions |
Amazon Web Services Inc. * | United States | Worldwide | Content delivery network |
Online S.A.S. ** | France | Netherlands | Cloud hosting, data storage |
UpCloud Ltd ** | Finland | Netherlands | Cloud hosting, data storage |
proinity LLC (KeyCDN) * | Switzerland | Worldwide | Content delivery network |
BunnyWay d.o.o. * | Slovenia | Worldwide | Content delivery network |
Cloudflare | United States | Worldwide | Content delivery network, WAF and DDoS protection |
Help Scout PBC | United States | United States | Customer support |
* Content delivery network (CDN) providers run a global network of servers.
** For customers who have opted in to the EU-only network, consent log data will be stored with cloud hosting providers owned by EU entities.