Privacy Policy

Effective Date: 12 April 2026 Last Updated: 12 April 2026

This Privacy Policy describes how TagLeak ("we", "us", or "our") collects, uses, stores, shares, and protects your information when you visit or use tagleak.com (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

TagLeak is operated from Cyprus. The data controller for the purposes of the EU General Data Protection Regulation (GDPR) is TagLeak.

If you have any questions about this Privacy Policy, you can contact us at support@tagleak.com.

1. Information We Collect

We collect the minimum information necessary to operate and improve the Service.

1.1 Information you provide to us

• Email address. When you sign up, log in, subscribe to updates, or contact us, we collect your email address.
• Account information from Google Sign-In. If you choose to sign in with Google, we receive your email address, basic profile information (such as your name and profile picture), and a unique Google account identifier. We only request the minimum scopes necessary to authenticate you and create your account. We do not access, store, or request access to your Gmail, Google Drive, Calendar, Contacts, or any other Google user data beyond basic profile information used for authentication.
• Payment information. If you purchase a paid plan, payment is processed by our payment provider, Stripe. We do not collect or store your full card number, CVV, or bank account details on our servers. Stripe provides us with limited transactional information (such as the last four digits of your card, card brand, country, billing name, billing email, and transaction status) which we use to manage your subscription, issue invoices, handle refunds, and comply with tax and accounting obligations.
• Marketing preferences. If you opt in to receive marketing or product update emails, we record your consent and your preferences.
• Support communications. If you contact us by email, we keep a record of that correspondence so we can respond and improve our support.

1.2 Information collected automatically

When you visit tagleak.com, we automatically collect limited technical information, including:

• IP address (truncated or anonymised where possible)
• Browser type and version
• Device type and operating system
• Referring URL and pages visited
• Date and time of access
• Approximate geographic location (country / region level)

This information is collected through cookies and similar technologies, and through our analytics provider (see Section 4).

1.3 Information related to the Service itself

TagLeak is a cookie consent and tag compliance tool. When you use the Service to scan a website you own or operate, we process the URLs and scan results you submit. We do not intentionally collect personal information about visitors to the websites you scan; scan results consist of technical information about cookies, tags, and scripts present on those websites.

2. How We Use Your Information

We use the information we collect for the following purposes:

• To provide, operate, and maintain the Service
• To create and manage your account and authenticate you (including via Google Sign-In)
• To process and return the results of website scans you initiate
• To process payments, manage subscriptions, issue invoices and receipts, and handle refunds, chargebacks, and tax/accounting obligations
• To communicate with you about your account, billing, security alerts, and important Service updates (transactional emails)
• To send you marketing emails, product updates, newsletters, and promotional offers, where you have opted in or where permitted by applicable law. You can unsubscribe at any time using the link in any marketing email or by emailing support@tagleak.com
• To respond to your support requests and inquiries
• To display advertising on the Service and to measure the performance of those advertisements
• To deliver personalised and remarketing advertising on third-party platforms (see Section 4.4), where you have given the appropriate consent
• To monitor usage of the Service and improve its functionality, performance, and user experience
• To detect, prevent, and address fraud, abuse, security incidents, and technical issues
• To comply with legal obligations

We do not sell your personal information in the traditional sense. However, under certain laws (such as the CCPA/CPRA), the sharing of information with advertising partners for targeted advertising may be considered a "sale" or "sharing" of personal information. Where applicable, you have the right to opt out (see Section 8).

We do not use Google user data (information received through Google Sign-In or other Google APIs) for serving advertisements, and we do not transfer Google user data to third parties for advertising purposes.

3. Legal Basis for Processing (GDPR)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR to process your personal data:

• Performance of a contract — to provide you with the Service you have signed up for.
• Legitimate interests — to operate, secure, and improve the Service, provided your rights and interests do not override those interests.
• Consent — for optional cookies and analytics, and for any marketing communications. You can withdraw your consent at any time.
• Legal obligation — where we are required to process data to comply with applicable law.

4. Cookies and Tracking Technologies

We use cookies and similar technologies to operate the Service and understand how it is used.

4.1 Strictly necessary cookies

These cookies are required for the Service to function (for example, to keep you signed in). They cannot be turned off.

4.2 Analytics cookies

We use Google Analytics, a web analytics service provided by Google LLC (or Google Ireland Limited for EEA users), to understand how visitors interact with tagleak.com. Google Analytics uses cookies to collect information such as pages viewed, session duration, device type, and approximate location. This information is processed in aggregated and, where possible, anonymised form.

You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by rejecting analytics cookies in our cookie banner.

For more information about how Google processes data, see: https://policies.google.com/privacy

4.3 Advertising and remarketing cookies

We, and our advertising partners, use cookies, pixels, and similar technologies to show you advertising on tagleak.com and on third-party platforms, and to measure the effectiveness of those advertisements. This includes remarketing, which allows us to show you relevant ads on other websites and platforms after you have visited tagleak.com.

Our advertising partners may include, among others, Google Ads, Google Marketing Platform, Meta (Facebook and Instagram), LinkedIn, and X (Twitter). These partners may set their own cookies and collect information about your device, browser, IP address, and interactions with our Service, and may combine this information with data they hold about you.

Where required by law (including in the EEA, the UK, and Switzerland), advertising and remarketing cookies are only set after you give your explicit consent through our cookie banner. You can withdraw your consent at any time by changing your preferences in the cookie banner.

You can also opt out of personalised advertising directly with the major advertising networks:

• Google: https://adssettings.google.com
• Meta: https://www.facebook.com/settings?tab=ads
• Industry opt-out tools: https://www.youronlinechoices.eu (EEA) and https://optout.aboutads.info (US)

We do not use data received from Google Sign-In or other Google APIs for advertising or remarketing.

4.4 Managing cookies

You can manage your cookie preferences at any time through our cookie banner or through your browser settings. Blocking certain cookies may affect the functionality of the Service.

5. How We Share Your Information

We do not sell your personal information. We share your information only in the limited circumstances described below:

• Service providers (processors). We share information with trusted third parties that help us operate the Service, including cloud hosting providers, database providers, email delivery providers, authentication providers, and analytics providers. These parties are bound by contractual obligations to process data only on our instructions and to keep it secure.
• Payment processor. We share the information necessary to process your payment with Stripe. Stripe acts as an independent data controller for payment and fraud-prevention purposes and processes your data in accordance with its own privacy policy: https://stripe.com/privacy
• Advertising partners. We share limited information (such as hashed identifiers, device identifiers, IP address, and online activity) with advertising and remarketing partners, as described in Section 4.3, where you have given the appropriate consent.
• Email service providers. We share your email address and related data with the providers we use to send transactional and marketing emails on our behalf.
• Google. If you use Google Sign-In, your authentication is handled by Google under its own privacy policy.
• Legal and safety. We may disclose information where required by law, court order, or governmental request, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others, or to investigate fraud or abuse.
• Business transfers. If TagLeak is involved in a merger, acquisition, reorganisation, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

We do not share Google user data with third parties except as necessary to provide or improve user-facing features of the Service, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to affected users.

6. International Data Transfers

TagLeak is operated from Cyprus, and our service providers may be located in other countries, including outside the EEA. Where we transfer personal data outside the EEA, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses, to ensure your data receives an adequate level of protection.

7. Data Retention and Deletion

We retain your personal information only for as long as is necessary to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Account data is retained for as long as your account is active.
• Scan results are retained for as long as your account is active, or for a shorter period where applicable to your plan.
• Payment and billing records are retained for the period required by applicable tax, accounting, and anti-fraud laws (typically 7–10 years, depending on jurisdiction).
• Marketing data is retained until you unsubscribe or withdraw your consent, after which we keep a suppression record to ensure we do not contact you again.
• Analytics and advertising data is retained in accordance with our provider configurations (typically 14 months or less for Google Analytics).
• Support communications are retained for a reasonable period to provide ongoing support and for record-keeping.
• Backups containing your data may be retained for a limited period after deletion, after which they are permanently erased.

When the retention period expires, or when you request deletion of your data, we will delete or anonymise the relevant information.

You may request deletion of your account and associated personal data at any time by emailing support@tagleak.com. We will respond within the timeframes required by applicable law.

8. Your Rights

Depending on where you are located, you may have the following rights in relation to your personal data:

• Right of access — to request a copy of the personal data we hold about you.
• Right to rectification — to request correction of inaccurate or incomplete data.
• Right to erasure — to request deletion of your personal data.
• Right to restriction of processing — to request that we limit how we process your data.
• Right to object — to object to processing based on our legitimate interests.
• Right to data portability — to receive your data in a structured, machine-readable format.
• Right to withdraw consent — where processing is based on consent.
• Right to lodge a complaint — with a data protection authority. For users in Cyprus, this is the Office of the Commissioner for Personal Data Protection (www.dataprotection.gov.cy).
• Right to opt out of targeted advertising — you can opt out of personalised advertising and remarketing at any time through our cookie banner, through the advertising platforms listed in Section 4.3, or by emailing support@tagleak.com.
• Right to unsubscribe from marketing — every marketing email includes an unsubscribe link. You can also email support@tagleak.com to be removed from all marketing communications.

To exercise any of these rights, please contact us at support@tagleak.com. We may need to verify your identity before responding.

9. Security

We take reasonable and appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include encryption in transit (HTTPS/TLS), access controls, and regular security reviews. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

10. Children's Privacy

TagLeak is not directed at children under the age of 16, and we do not knowingly collect personal information from children under 16. If you believe that a child has provided us with personal information, please contact us at support@tagleak.com and we will take steps to delete it.

11. California Privacy Rights (CCPA / CPRA)

This section applies to California residents and supplements the rest of this Privacy Policy. It is provided to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA").

11.1 Categories of personal information we collect

In the past 12 months, we have collected the following categories of personal information, as defined by the CCPA/CPRA:

• Identifiers — name, email address, IP address, online identifiers, account ID, Google account ID.
• Commercial information — subscription plan, billing records, transaction history.
• Internet or other electronic network activity — pages viewed, session data, referring URLs, interactions with the Service.
• Geolocation data — approximate location derived from IP address (country / region).
• Inferences — limited inferences drawn from usage data for analytics and product improvement.

We do not knowingly collect sensitive personal information (as defined by the CPRA), and we do not use or disclose any such information for purposes that would require a separate right to limit.

11.2 Sources, purposes, and recipients

The sources, business purposes, and categories of recipients for each of the above categories are described in Sections 1, 2, and 5 of this Privacy Policy.

11.3 "Sale" and "sharing" of personal information

We do not sell personal information for money. However, our use of advertising and remarketing cookies (as described in Section 4.3) may constitute "sharing" of personal information for cross-context behavioural advertising under the CPRA. The categories of personal information shared for this purpose are identifiers, internet or other electronic network activity, and geolocation data, shared with advertising partners such as Google, Meta, LinkedIn, and X.

We do not knowingly sell or share the personal information of consumers under 16 years of age.

11.4 Your California rights

If you are a California resident, you have the right to:

• Know / access — request information about the personal information we have collected about you in the past 12 months.
• Delete — request deletion of personal information we have collected from you.
• Correct — request correction of inaccurate personal information.
• Opt out of sale/sharing — opt out of the sharing of your personal information for cross-context behavioural advertising.
• Limit the use of sensitive personal information — to the extent applicable (see Section 11.1).
• Non-discrimination — we will not discriminate against you for exercising any of these rights.

11.5 How to exercise your rights

To exercise any of these rights, you can:

• Email us at support@tagleak.com;
• Adjust your cookie preferences through the cookie banner on tagleak.com; or
• Enable the Global Privacy Control (GPC) signal in your browser — we treat GPC as a valid opt-out of sharing for cross-context behavioural advertising.

We may need to verify your identity before responding. You may also use an authorised agent to submit a request on your behalf, subject to reasonable verification.

12. CalOPPA (California Online Privacy Protection Act)

In addition to the rights above, California residents benefit from the California Online Privacy Protection Act. In compliance with CalOPPA:

• We publish this Privacy Policy on our website and it is accessible from our homepage via a link containing the word "Privacy".
• We describe the categories of personal information we collect and the categories of third parties with whom we share it in this Privacy Policy.
• Do Not Track signals: Some browsers send a "Do Not Track" (DNT) signal. Because there is no industry consensus on how to interpret DNT signals, we do not currently respond to DNT signals. However, we honour the Global Privacy Control (GPC) signal as an opt-out of sharing for cross-context behavioural advertising, as described in Section 11.5.
• We will notify users of material changes to this Privacy Policy as described in Section 15.

13. Google API Services User Data Policy

TagLeak's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

• We only use Google user data to provide or improve user-facing features of TagLeak (primarily account authentication).
• We do not transfer Google user data to third parties except as necessary to provide or improve these features, to comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users.
• We do not use Google user data for serving advertisements.
• We do not allow humans to read Google user data unless we have obtained your affirmative consent, it is necessary for security purposes (such as investigating abuse), to comply with applicable law, or the data has been aggregated and anonymised for internal operations.

14. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of those third parties. We encourage you to review the privacy policies of any third-party sites you visit.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes to our practices, the Service, or applicable law. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through a notice on the Service. We encourage you to review this page periodically.

16. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

TagLeak Email: support@tagleak.com Website: https://tagleak.com