Sookie ApS (CVR: DK38099752), Kirke Værløsevej 38, 2.tv, 3500 Værløse, Denmark, operates Sookie — a
consent management platform (CMP) that helps websites manage cookie consent, scanning and documentation in line with
GDPR, the ePrivacy rules, CCPA/CPRA, and other applicable privacy laws.
This Privacy Policy explains how we collect, use, disclose and protect personal data when you use our website,
dashboard and related services.
We are committed to privacy-by-design and process personal data in accordance with the EU General Data Protection Regulation
(GDPR) and applicable national law.
Overview of our processing
We process personal data to provide and improve the Sookie service, including account management, cookie scanning, consent logging, support, billing, security and legal compliance. We only keep data as long as necessary for the purposes described here, after which it is deleted or anonymized.
Legal bases for processing
We process personal data on the following legal bases under GDPR:
- Performance of a contract (Article 6(1)(b)) — e.g., providing the CMP and related features.
- Legitimate interests (Article 6(1)(f)) — e.g., product security, service analytics, preventing abuse.
- Consent (Article 6(1)(a)) — e.g., marketing communications where required or regional consent storage.
- Legal obligations (Article 6(1)(c)) — e.g., accounting and regulatory requirements.
Where processing relies on consent, you may withdraw it at any time.
What personal data we collect
Depending on your use of Sookie, we may process:
- Contact & account data: name, email, company, role, login identifiers (passwords are hashed).
- Service configuration data: domain(s), banner settings, languages, consent categories.
- Cookie scan data: detected cookies/trackers, script URLs, vendors, purposes, and scan reports.
- Consent records: consent status, timestamp, categories, region, and proof-of-consent logs.
- Technical data: IP address (truncated/region-resolved where appropriate), device/browser info, diagnostic logs, and security events.
- Support & billing data: requests, ticket history, subscription details, invoices and payments (payment card data is handled by our payment processor and not stored by us).
- Usage analytics: aggregated, pseudonymized metrics to improve reliability and user experience.
We use this data to deliver the service, provide audit-ready compliance documentation, and enhance product quality.
Your rights under GDPR
You have the following rights, subject to conditions in law:
- Right of access to your personal data.
- Right to rectification or erasure.
- Right to restriction of processing.
- Right to data portability.
- Right to object to processing (including direct marketing).
- Right to withdraw consent at any time (where processing is based on consent).
To exercise your rights, contact us at support@sookie.io. You can also lodge a complaint with your local supervisory authority. In Denmark: Datatilsynet.
Marketing communications
We may send service-related notices (e.g., security, billing, product updates). Marketing emails are sent only where permitted by law or with your consent. You can unsubscribe at any time via the link in our emails or by contacting us.
Sharing with processors and third parties
We share personal data with trusted data processors who provide hosting, analytics, payments, support and security. These parties process data only under our instructions and subject to data processing agreements. We may also disclose data to competent authorities where required by law.
- Hosting and infrastructure providers (EU-first where feasible).
- Payment processors for subscription billing (no card data stored by Sookie).
- Product analytics and error monitoring (aggregated/pseudonymized where possible).
- Customer support tooling for tickets and communications.
Where data is transferred outside the EU/EEA, we use appropriate safeguards (e.g., SCCs) as required by GDPR.
Service analytics, devices and security
For service reliability and improvement, we process technical and usage data (e.g., performance telemetry, error logs, authentication events). We also use security measures to prevent abuse (e.g., fraud, spam, account takeovers). Processing for these purposes is based on our legitimate interests and retained only as long as needed.
Cookies and similar technologies
Sookie uses essential cookies to operate the site and dashboard (e.g., session/auth cookies). With your consent, we may use non-essential cookies for analytics or marketing. You can change your preferences at any time via the consent banner or cookie declaration. See our Cookie Policy for details on categories, retention and vendors.
Children’s data
Sookie is not intended for children under 13, and we do not knowingly collect personal data from them. If you believe a child has provided us personal data, please contact us and we will take appropriate steps.
Where your data is processed and stored
We aim to host and process data within the EU/EEA where practicable. When transfers outside the EU/EEA are necessary, we implement appropriate safeguards (e.g., Standard Contractual Clauses) and technical/organizational measures. Access to data is restricted to authorized personnel with a need-to-know basis. Passwords are stored using strong hashing.
External links
Our website and dashboard may contain links to third-party sites and services beyond our control. We encourage you to review the privacy policies of those services.
Contact and data protection inquiries
For privacy questions or to exercise your rights, contact:
Sookie ApS, Kirke Værløsevej 38, 2.tv, 3500 Værløse, Denmark
Email: support@sookie.io
Changes to this policy
We may update this Privacy Policy from time to time to reflect legal, technical or business developments. The latest version applies to our processing and is effective from 01 November 2025.
