Dorik Logo

Privacy Policy

Last Updated: April 29, 2025

1. INTRODUCTION

Dorik, Inc. ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Consently Software-as-a-Service (SaaS) cookie and consent management platform ("Services") through our website consently.net and related applications (collectively, the "Platform").

This Privacy Policy applies to:

  • Visitors to our Platform
  • Customers who register for and use our Services
  • End-users of websites implementing our consent management solutions

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access or use our Platform.

Our Terms of Service and Data Processing Agreement form important parts of our legal framework and should be read alongside this Privacy Policy.

2. DATA CONTROLLER AND PROCESSOR INFORMATION

2.1 Our Role as Data Controller

Dorik, Inc. acts as a Data Controller for:

  • Personal data of our customers who register for and use Consently
  • Personal data collected from visitors to our website consently.net
  • Marketing and communication data for our own business purposes

As a Data Controller, we determine the purposes and means of processing this personal data.

Contact information for Dorik, Inc. as Data Controller:
600 North Broad Street Ste 5 PMB 2145 Middletown,
DE 19709 United States
Email: support@consently.net

2.2 Our Role as Data Processor

Dorik, Inc. acts as a Data Processor when:

  • Processing end-user consent data on behalf of our customers
  • Collecting and storing consent records for websites implementing our consent management platform
  • Processing personal data of our customers' website visitors

For these processing activities, our customers are the Data Controllers who determine the purposes and means of processing. Our processing activities are governed by our Data Processing Agreement.

3. PERSONAL DATA WE COLLECT

We collect and process different types of personal data depending on your relationship with us:

3.1 Data We Collect as a Controller

When you register for our Services as a customer, we may collect:

  • Identity and contact data (name, email address)
  • Account data (password, account preferences)
  • Financial data (billing information, payment method details)
  • Transaction data (details about payments to and from you, subscription details)
  • Technical data (IP address, browser type, device information)
  • Usage data (information about how you use our Platform and Services)
  • Marketing and communications data (preferences for receiving marketing from us)

3.2 Data We Process on Behalf of Our Customers

When acting as a processor for our customers, we may process:

  • Cookie consent preferences
  • Consent records and histories
  • Usage data (information about how end-users interact with consent interfaces)

3.3 How We Collect Personal Data

We use different methods to collect data from and about you including through:

  • Direct interactions: Information you provide when creating an account, subscribing to our Services, or corresponding with us.
  • Automated technologies: As you interact with our Platform, we may automatically collect technical data about your equipment, browsing actions, and patterns using cookies, server logs, and other similar technologies.
  • Third parties: We may receive personal data about you from various third parties such as analytics providers, payment service providers, and advertising networks.

4. PURPOSES AND LEGAL BASES FOR PROCESSING

4.1 When Acting as a Controller

We process your personal data for the following purposes and legal bases:

Add row aboveAdd row belowDelete rowAdd column to leftAdd column to rightDelete columnPurposePersonal Data UsedLegal BasisTo register you as a customerIdentity, contactPerformance of a contractTo provide and maintain our ServicesIdentity, contact, technicalPerformance of a contractTo manage our relationship with youIdentity, contact, profilePerformance of a contract; Legitimate interestsTo process paymentsFinancial, transactionPerformance of a contractTo personalize your experienceUsage, technicalLegitimate interestsTo improve our Platform and ServicesTechnical, usageLegitimate interestsTo communicate with youIdentity, contactLegitimate interestsTo send marketing communicationsIdentity, contact, marketingConsent; Legitimate interestsTo administer and protect our businessIdentity, technicalLegitimate interests; Legal obligationTo comply with legal obligationsVarious as requiredLegal obligation

4.2 When Acting as a Processor

When we process personal data on behalf of our customers (as a processor), we do so based on our customers' instructions as outlined in our Data Processing Agreement. Our customers are responsible for establishing a legal basis for this processing.

Common legal bases our customers rely on include:

  • Consent of the end-user
  • Legitimate interests
  • Performance of a contract
  • Compliance with a legal obligation

We provide tools that help our customers obtain valid consent from their end-users when required by applicable laws.

5. DATA SHARING AND RECIPIENTS

5.1 Third-Party Service Providers

We may share your personal data with the following categories of third-party service providers:

  • Cloud service providers (AWS ECS Fargate, AWS Load Balancer, S3, CloudWatch - EU-Central-1/Frankfurt)
  • Database services (MongoDB Atlas - EU-Central-1/Frankfurt)
  • Caching services (Redis/Upstash - EU-Central-1/Frankfurt)
  • Frontend deployment services (Vercel - Global Edge Network)
  • Email service providers
  • Payment processors
  • Customer relationship management services
  • Analytics providers
  • Professional advisers (lawyers, bankers, auditors, insurers)

5.2 Business Transfers

If we are involved in a merger, acquisition, or asset sale, your personal data may be transferred to the third party involved. We will notify you via email and/or a prominent notice on our Platform of any change in ownership or uses of your personal data.

5.3 Legal Requirements

We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (such as a court or government agency).

6. INTERNATIONAL TRANSFERS

We primarily store and process your data in the European Union (specifically in Frankfurt, Germany through AWS EU-Central-1 region) for our backend services, while our frontend deployment uses Vercel's global edge network and email services may be processed by our email provider. We may transfer your personal data to countries outside the European Economic Area (EEA) or your country of residence. When we do so, we ensure a similar degree of protection is afforded to your personal data by implementing at least one of the following safeguards:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules (where applicable)
  • Adequacy decisions by the European Commission
  • Privacy Shield (for transfers to the US, where applicable)

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data.

7. DATA RETENTION

We will retain your personal data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider:

  • The amount, nature, and sensitivity of the personal data
  • The potential risk of harm from unauthorized use or disclosure
  • The purposes for which we process the data
  • Whether we can achieve those purposes through other means
  • Applicable legal requirements

Our general data retention approach:

  • Customer account data: We retain your account data for as long as you maintain an active account with us. If you delete your account, we will delete your personal data within 30 days of account closure.
  • End-user consent records: For as long as required by applicable law (minimum of 13 months under GDPR requirements) or until the customer deletes their account, whichever is longer.
  • Payment and transaction data: Payment processing is handled by third-party payment processors such as Stripe. These providers maintain their own records according to their privacy policies and legal obligations, which may extend beyond your account closure with us.
  • Server logs and technical data: Typically retained for up to 12 months for security and service optimization purposes.

These retention periods may be extended if we are required to preserve data for legal proceedings, investigations, or to comply with applicable laws and regulations.

8. YOUR RIGHTS AS A DATA SUBJECT

Depending on your location, you may have certain rights regarding your personal data under applicable data protection laws:

8.1 For EEA, UK, and Similar Jurisdictions

  • Right to access: Right to request copies of your personal data.
  • Right to rectification: Right to request correction of inaccurate data or completion of incomplete data.
  • Right to erasure: Right to request deletion of your personal data in certain circumstances.
  • Right to restrict processing: Right to request restriction of processing in certain circumstances.
  • Right to data portability: Right to receive your personal data in a structured, commonly used format.
  • Right to object: Right to object to processing based on legitimate interests or for direct marketing.
  • Right to withdraw consent: Right to withdraw consent where processing is based on consent.
  • Right to lodge a complaint: Right to complain to a supervisory authority.

8.2 For California Residents

Under the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), you have the following rights:

  • Right to know what personal information is collected, used, shared, or sold
  • Right to delete personal information
  • Right to opt-out of the sale of personal information
  • Right to non-discrimination for exercising your rights
  • Right to limit use and disclosure of sensitive personal information
  • Right to correct inaccurate personal information

8.3 How to Exercise Your Rights

To exercise any of the rights described above, please submit a request to us by:

  • Emailing us at privacy@consently.net

We will respond to all legitimate requests within one month (30 days). Occasionally, it may take us longer if your request is particularly complex or you have made several requests. In this case, we will notify you and keep you updated.

9. COOKIES AND TRACKING TECHNOLOGIES

Our Platform uses cookies and similar tracking technologies to distinguish you from other users. This helps us provide you with a good experience when you browse our Platform and allows us to improve our Services.

9.1 Types of Cookies We Use

  • Strictly Necessary Cookies: Required for the operation of our Platform. You can set your browser to block these cookies, but some parts of the Platform will not function properly.
  • Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our Platform. This helps us improve the way our Platform works.
  • Functionality Cookies: Used to recognize you when you return to our Platform. This enables us to personalize our content for you.
  • Targeting Cookies: Record your visit to our Platform, the pages you have visited, and the links you have followed. We use this information to make our Platform and the advertising displayed more relevant to your interests.

9.2 Cookie Management

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our Platform may become inaccessible or not function properly.

9.3 Do Not Track Signals

Some browsers incorporate a Do Not Track feature that signals to websites you visit that you do not want to have your online activity tracked. We do not currently respond to Do Not Track signals at this time.

10. DATA SECURITY

We have implemented appropriate technical and organizational measures to secure your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. These measures include:

  • Encryption of personal data
  • Regular security assessments
  • Access controls and authentication procedures
  • Regular backups
  • Staff training on data protection
  • Incident response plans

However, the transmission of information via the internet is not completely secure. While we do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our Platform. Any transmission is at your own risk.

11. CHILDREN'S PRIVACY

Our Services are not directed to children under the age of 16, and we do not knowingly collect personal data from children under 16. If you are under 16, do not use or provide any information on our Platform. If we learn we have collected or received personal data from a child under 16 without verification of parental consent, we will delete that information.

12. THIRD-PARTY LINKS

Our Platform may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. We encourage you to read the privacy policy of every website you visit.

13. AUTOMATED DECISION-MAKING AND PROFILING

We do not use automated decision-making or profiling techniques with your personal data. All significant decisions that affect you will involve human intervention and consideration.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date at the top. We will notify you of material changes via email or through a notice on our Platform prior to the change becoming effective.

15. IAB TRANSPARENCY & CONSENT FRAMEWORK COMPLIANCE

Our consent management platform complies with the IAB Europe Transparency & Consent Framework (TCF). As a registered Consent Management Provider (CMP), we adhere to the technical specifications and policies of the framework.

15.1 For Publishers and Advertisers

When you use our Services to implement a consent management solution on your website, we enable you to:

  • Present users with appropriate information about data processing purposes
  • Allow users to express their consent choices
  • Store and update those choices
  • Transmit those choices to third-party vendors in the advertising ecosystem

15.2 For End-Users

When you interact with websites using our consent management solution:

  • You will be presented with clear information about how your data may be used
  • You will have the opportunity to provide or withhold consent for various data processing purposes
  • Your preferences will be stored and respected
  • Your consent signals will be properly communicated to participating vendors

16. SPECIFIC PROVISIONS FOR EEA RESIDENTS

16.1 Data Protection Representative

If we do not have an establishment in the EEA, our appointed EU representative is: [Representative Name] [Representative Address] [Representative Contact Email]

16.2 Supervisory Authority

If you are located in the EEA, you have the right to lodge a complaint with a supervisory authority in your country of residence, place of work, or the place of the alleged infringement if you consider that our processing of your personal data infringes applicable law.

17. CONTACT US

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Dorik, Inc.
600 North Broad Street Ste 5 PMB 2145 Middletown,
DE 19709 United States
Email: support@consently.net

Start your compliance
right away

Built with Dorik