Information Security
CookieTractor is used by website owners to manage consent on their websites. Stability, access control, and responsible data handling are important parts of the service.
We work with information security in a structured and ongoing way across the development, operation, and maintenance of CookieTractor. Our work is based on practical safeguards, data minimization, controlled access, and clear separation between organizations’ accounts.
This means protecting information from unauthorized access, unauthorized modification, and data loss, while keeping the platform stable and available to website owners.
Our goal is to provide website owners with a secure and reliable platform for consent management, without collecting more information than is needed for the purpose and function of the service.
How we protect data
CookieTractor only processes the information required to enable and document consent, in accordance with the website owner’s configuration.
Data is stored in Sweden, which means that processing takes place within the EU. The platform is built as a multi-tenant platform with logical separation between organizations’ accounts. This means that each organization only has access to its own information.
The platform is designed to protect information from unauthorized access and unauthorized modification.
Access and authorization
Access to data and functionality is controlled through authentication, authorization, and organization affiliation. This means that users and systems should only have access to the information and functionality they are authorized to use within the relevant organization.
CookieTractor supports multi-factor authentication (MFA/2FA) to strengthen the protection of user accounts.
Technical security
Communication with the platform is encrypted. Incoming data is validated to reduce the risk of incorrect or unauthorized use.
Sensitive information, such as passwords, is never stored in plain text.
We continuously update the platform and its dependencies. Technical reviews and penetration tests are part of our security work. Identified vulnerabilities are followed up, prioritized, and addressed.
Operations and monitoring
We monitor system functionality, log relevant events, and follow up on anomalies. This helps us detect problems, analyze causes, and take action at an early stage.
The system is designed to handle load and failures in a controlled way. We also apply technical and organizational measures to reduce the risk of data loss and to resolve operational issues in an orderly manner.
The underlying operating environment is provided by external hosting providers. Physical security, including access to data centers, is handled by these providers according to their established procedures.
Traceability and control in consent management
CookieTractor is designed to give website owners control over how consent is managed on the website. This means that technologies requiring consent can be restricted until consent has been given, that visitors receive clear information about what consent means, and that consent can be followed up and managed over time.
This enables a traceable, controlled, and transparent approach to cookies, privacy, and consent.
Responsibility
CookieTractor provides a technical platform for consent management. CookieTractor is responsible for the platform’s functionality, operation, and security.
The website owner is responsible for how the solution is implemented, which technologies are used on the website, and what information is provided to visitors.
Continuous work
Information security is not a static state. We continuously improve the solution based on the requirements placed on it, new insights, and identified risks.
This includes updating components and dependencies, following up on technical improvement areas, and developing our way of working over time.
Related information
If you have any questions about information security in CookieTractor, you are welcome to contact us at info@cookietractor.com.