Privacy Policy

Introduction

Lead Flow Connect, LLC, doing business as Iron Consent (“we,” “us,” or “our”), is committed to protecting the privacy of the visitors to our website and the customers of our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at https://ironconsent.com (the “Site”), inquire about or purchase our services, or otherwise interact with us.

About Iron Consent. Iron Consent is a productized integration service that deploys ad tracking, privacy compliance, and attorney-drafted legal documentation for website owners and operators. Our services include PixelOath (ad tracking and conversion measurement setup), available to customers on any website platform; ConsentProof (consent management and cookie compliance setup), which is currently available to customers whose sites are built on WordPress; and DocShield (privacy policy and terms of service drafted from attorney-created templates), available to customers on any website platform. Because our services involve receiving administrative access to our customers’ websites, ad accounts, and tag management platforms, this Privacy Policy addresses both ordinary website visitor data and the customer access credentials and configuration data we receive in the course of delivering our services.

Geographic Scope. Iron Consent is a United States-based business with customers located worldwide. We operate our Site, store data, and conduct our business primarily in the United States. If you are accessing our Site, contacting us, or purchasing our services from outside the United States, your information will be transferred to, stored, and processed in the United States. By using our Site or services, you understand and agree to this transfer. Additional information regarding the rights of residents of specific jurisdictions appears in the country- and state-specific sections at the end of this policy.

By visiting our Site, contacting us, subscribing to our communications, or purchasing our services, you consent to the collection and use of information in accordance with this Privacy Policy.

Information We Collect

We collect information in two general categories: information you actively provide to us, and information that is collected automatically when you interact with our Site or services.

Information You Actively Provide

Inquiry and Intake Information

• Name (first and last)
• Business or organization name
• Email address
• Phone number (optional)
• Website URL
• Information about your current ad tracking, analytics, and consent management setup
• The services you are interested in or have purchased
• Any other information you choose to provide in correspondence with us

Customer Account and Access Information

Because our services require us to configure technology on our customers’ own websites and within their advertising and analytics platforms, customers who purchase our services provide us with administrative credentials and access permissions. This may include:

• WordPress administrator credentials or contributor-level access to your site
• Google Tag Manager container access
• Google Analytics, Google Ads, and Google Search Console account access
• Meta Business Manager, Meta Ads Manager, and Meta Pixel / Conversions API access
• Microsoft Clarity, Reddit Ads, and other advertising or analytics platform access as applicable to your engagement
• Consent management platform credentials, if applicable
• Hosting provider credentials, where required for deployment
• Other technical credentials necessary to deliver the services you have purchased

How We Handle Customer Access. We treat customer access credentials as confidential. Credentials are used solely to deliver the services you have engaged us to perform. Wherever feasible, we prefer delegated access (for example, being added as a user to your Google Tag Manager, Google Ads, or Meta Business account) over the sharing of usernames and passwords, so that you retain full control and can revoke access at any time. Where credentials must be shared, we request that they be transmitted through a secure channel and we request that you change or rotate them after our engagement is complete. We do not use customer credentials for any purpose other than performing the services you have purchased.

Configuration and Deployment Data

In the course of delivering our services, we generate and retain configuration records describing the technical setup we deployed on your site. This may include records of the consent categories configured, the tags and triggers created in Google Tag Manager, the conversion events configured in your ad accounts, the third-party services integrated, and the contents of compliance documentation we produce. This information is retained so we can support your account, perform maintenance, troubleshoot issues, and accurately customize legal documents (where DocShield is purchased) to match your actual technical configuration.

Marketing Communications

If you subscribe to our marketing email list or content updates, we collect your email address and any other information you choose to provide (such as your name or business). You may unsubscribe at any time using the unsubscribe link in our emails.

Payment Information

• When you purchase a service, payment data is processed directly by Stripe, our payment processor.
• We do not store credit card numbers, debit card numbers, or banking information on our servers.
• We retain a record of the transaction (such as the amount, the service purchased, the date, and your billing name and email) for accounting, tax, and customer support purposes.

Comments and Communications

If you contact us by email, through a contact form on our Site, or through a support channel, we will receive the information you provide along with any metadata your email client or browser transmits.

Information Automatically Collected

Website Analytics

• IP address
• Browser type and version
• Device and operating system information
• Pages visited, time spent on pages, and click activity
• Referring website or source
• Approximate geographic location (city or region level, derived from IP address)

Email Analytics

If we send you marketing emails, our email service provider may track:

• Email open rates
• Click-through rates on links within emails
• Device, email client, and approximate geographic information

How We Use Your Information

We use the information we collect to:

• Respond to inquiries about our services and provide quotes or proposals
• Deliver the services you have purchased, including configuring your website, tag manager, ad accounts, and analytics platforms
• Generate the legal documents purchased through DocShield, customized to match your actual technical configuration
• Process payments and maintain transactional records
• Provide ongoing maintenance, support, and the periodic compliance and tracking checks included with our services
• Communicate with you about your account, your services, scheduled maintenance, platform changes that may affect your configuration, and renewal of maintenance
• Send marketing communications about Iron Consent, including educational content about ad tracking and privacy compliance (where you have subscribed or otherwise consented)
• Measure the effectiveness of our marketing campaigns and improve our content, Site, and services
• Detect, prevent, and address fraud, security incidents, abuse of our Site, or other unlawful activity
• Comply with our legal obligations and enforce our agreements

Third-Party Services

We use the following third-party services to operate our Site and deliver our services. Each provider has its own privacy policy governing how it handles personal information.

WordPress

Our Site is built on WordPress. WordPress’s privacy policy can be found at https://automattic.com/privacy/.

Cloudflare

• Provides security, performance optimization, and DDoS protection for our Site.
• May challenge visitors with CAPTCHAs or similar mechanisms to prevent automated abuse.
• Collects IP addresses and browser information for security and performance purposes.

Privacy policy: https://www.cloudflare.com/privacypolicy/.

Stripe (Payment Processing)

• When you make a payment to Iron Consent, your financial data is processed securely through Stripe’s payment infrastructure.
• Stripe processes payment information, including credit and debit card details, billing address information, and transaction data.
• We do not receive or store your full payment card number; we receive only a transaction record and limited information necessary to identify the payment.

Privacy policy: https://stripe.com/privacy.

Analytics and Tag Management

We use the following analytics and tag management tools to understand how visitors interact with our Site and to improve our services. All advertising and analytics tools that are not strictly necessary are gated through our consent management platform, as described in the “Consent Management and Cookies” section below.

Google Tag Manager

• We use Google Tag Manager (“GTM”) to manage and deploy analytics and marketing tags on our Site.
• GTM itself does not collect personal data, but it facilitates the loading of tags that may collect data as described in this Privacy Policy.

Privacy policy: https://policies.google.com/privacy.

Google Analytics

• Collects usage data to help us understand Site traffic, audience characteristics, and user behavior.
• Loads only after the visitor has provided consent through our consent management platform.

Privacy policy: https://policies.google.com/privacy.

Microsoft Clarity

• Records session activity (such as mouse movements, clicks, scrolling, and page navigation) to help us improve Site usability and user experience.
• Loads only after the visitor has provided consent through our consent management platform.

Privacy policy: https://privacy.microsoft.com/en-us/privacystatement.

Advertising Platforms

We use the following advertising platforms to promote Iron Consent and measure the performance of our advertising campaigns. All advertising tracking on our Site is gated behind affirmative visitor consent through our consent management platform. No advertising pixels, conversion tracking scripts, or related identifiers are loaded or transmitted to these platforms unless you opt in through our cookie consent banner.

Meta (Facebook and Instagram) Pixel and Conversions API

• Used to measure the effectiveness of our advertising campaigns on Meta platforms (Facebook and Instagram).
• If activated by your consent, processes visitor data (such as IP address, browser identifiers, cookie data, page events, and limited inputs you provide in forms) for conversion tracking, ad performance measurement, and audience matching.
• Loads only after the visitor has provided consent through our consent management platform.

Privacy policy: https://www.facebook.com/policy.

Reddit Ads

• Used to measure the effectiveness of our advertising campaigns on Reddit.
• If activated by your consent, processes visitor data (such as IP address, browser identifiers, cookie data, and page events) for conversion tracking and ad performance measurement.
• Loads only after the visitor has provided consent through our consent management platform.

Privacy policy: https://www.reddit.com/policies/privacy-policy.

Consent Management Platform

WPConsent. We use WPConsent as our consent management platform. WPConsent manages cookie consent preferences and enforces the loading rules for all non-essential cookies, tags, and tracking scripts on our Site. WPConsent records the consent choices of visitors who interact with our consent banner, along with metadata about the visit (such as date, time, IP address, and the consent categories selected or rejected), so that we can demonstrate compliance with applicable consent requirements. WPConsent’s privacy policy can be found at https://wpconsent.com/privacy/.

Consent Management and Cookies

Our Site uses cookies and similar tracking technologies. Because Iron Consent provides consent management services to its customers, we hold our own Site to the same compliance standard we deliver to clients. The following describes how cookies and tracking technologies are managed on our Site.

Categories of Cookies

• Strictly Necessary Cookies. Required for the operation of our Site, including security, navigation, load balancing, and remembering items in a checkout. These cookies do not require consent and cannot be disabled through the consent banner.
• Analytics Cookies. Used by Google Analytics and Microsoft Clarity to help us understand how visitors use our Site. These cookies load only after the visitor consents through our consent banner.
• Advertising and Marketing Cookies. Used by Meta and Reddit to measure the performance of our advertising campaigns and to match audiences for advertising purposes. These cookies load only after the visitor consents through our consent banner.

Consent Behavior

When you visit our Site, WPConsent presents a cookie consent banner. Until you make a selection, all non-essential cookies and tags are blocked by default. The banner allows you to:

• Accept all cookies
• Reject all non-essential cookies
• Customize your choices by category (analytics, advertising)

Your selection is recorded by WPConsent along with a timestamp, the consent categories you selected, and your approximate IP-derived location. You may change your consent preferences at any time by clicking the consent preferences link in the footer of our Site, or by clearing your cookies and reloading the Site, which will cause the consent banner to display again.

State-Specific Consent Behavior

Where applicable state privacy laws require opt-out treatment for the sale or sharing of personal information, our consent management platform is configured to recognize the Global Privacy Control (“GPC”) browser signal as a valid opt-out request. Where applicable state privacy laws require opt-in treatment for sensitive personal information or for minors, our consent management platform is configured accordingly.

Server-Side Tracking

Some of our conversion measurement is performed server-side (for example, through the Meta Conversions API). Server-side conversion events are transmitted only when the visitor has provided consent for advertising cookies, and the same consent state that controls browser-side pixels controls server-side transmissions.

Data Sharing and Disclosure

We do not sell, rent, or trade your personal information. We may disclose or transmit your information in the following limited circumstances:

• Service providers and subprocessors. We share information with the third-party service providers identified in this Privacy Policy (such as Stripe for payment processing, Cloudflare for security, our email provider for communications, and our hosting provider) to the extent necessary for them to provide their services to us.
• Advertising platforms (with consent only). Where you have consented to advertising cookies, certain visitor data (such as IP address, browser identifiers, cookie data, and page events) is transmitted to Meta and Reddit through the pixels and APIs deployed on our Site for the purpose of measuring our advertising performance. These platforms may use this data for their own advertising and measurement purposes in accordance with their respective privacy policies.
• Contractors performing services on our behalf. Our services are delivered through trained contractors who follow our standardized playbooks. These contractors may receive access to customer information and credentials strictly to deliver the services you have purchased. Contractors are bound by confidentiality obligations and are prohibited from using customer information for any other purpose.
• Attorney partner. Where you purchase our DocShield service or Priority Maintenance with annual document review, deployment data and configuration details may be reviewed by our compliance attorney partner solely to maintain the legal document templates and to ensure that the documents we provide accurately reflect your technical configuration. Communications with our attorney partner relating to the legal document service are conducted for the limited purpose of customizing and maintaining the document templates; the attorney partner is not retained by you as your personal legal counsel through this service.
• Legal process. We may disclose information if required by law, regulation, subpoena, court order, or other valid legal process, or to respond to lawful requests by public authorities.
• Protection of rights. We may disclose information when we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request.
• Business transfers. If Iron Consent is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or a portion of its assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.
• With your express consent. For any disclosure not described above, we will obtain your express consent before sharing your personal information with any third party.

No Sale of Personal Information

We do not “sell” personal information as that term is defined under applicable state privacy laws. With respect to the broader concept of “sharing” under the California Consumer Privacy Act and similar laws, we recognize that the operation of advertising pixels and conversion APIs (such as the Meta Pixel, Meta Conversions API, and Reddit Pixel) may transmit certain visitor data to those platforms in a manner that some laws characterize as “sharing” for cross-context behavioral advertising. As described in the “Consent Management and Cookies” section above, no such transmission occurs on our Site unless the visitor has affirmatively provided consent through our cookie consent banner. Visitors who reject advertising cookies, who use the Global Privacy Control browser signal, or who exercise their opt-out rights as described below are not subject to such transmission.

Data Retention

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. Specific retention practices include:

• Inquiry and lead data: Retained for up to 24 months from the date of last contact, unless you become a customer or request earlier deletion.
• Customer account and configuration records: Retained for the duration of your engagement and for a period of up to 7 years after the end of the engagement, for support, audit, legal documentation accuracy, and tax purposes.
• Customer access credentials: Where credentials must be stored to deliver ongoing maintenance, they are stored in a secured credential vault and accessed only by personnel performing services for you. Where credentials are no longer needed, they are deleted, and we encourage customers to rotate any shared credentials at the conclusion of an engagement.
• Marketing email subscribers: Retained in our email service provider for as long as you remain an active subscriber. If you unsubscribe, your record is marked as inactive but may not be automatically deleted from the provider’s system, to honor your unsubscribe and prevent inadvertent re-subscription. You may request permanent deletion by contacting us at the email address below.
• Website analytics data: Typically retained for 26 months in Google Analytics.
• Consent records (WPConsent): Retained for the period required to demonstrate compliance with applicable consent requirements, which is typically 24 months.
• Payment and transaction records: Retained for 7 years for accounting, tax, and legal compliance purposes.

Your Rights and Choices

Email Preferences

You can:

• Unsubscribe from our marketing emails at any time using the unsubscribe link at the bottom of any marketing email.
• Update your subscription preferences through the preference center linked in our marketing emails.
• Contact us to request changes to the email address or other contact details associated with your account.

Please note that even after unsubscribing from marketing communications, we may still send you transactional communications related to your services or account (such as receipts, scheduled maintenance notifications, platform change alerts that affect your configuration, and customer support responses).

Cookie Preferences

You can:

• Adjust your cookie preferences at any time by clicking the consent preferences link in the footer of our Site.
• Clear your cookies in your browser, which will cause our consent banner to display again on your next visit.
• Use the Global Privacy Control browser signal, which we recognize as a valid opt-out request where applicable law requires it.

Access, Correction, and Deletion

You may request that we:

• Confirm whether we are processing personal information about you and provide access to that information.
• Correct inaccurate personal information we maintain about you.
• Delete personal information we maintain about you, subject to applicable legal exceptions (for example, we may retain information necessary to complete a transaction, comply with a legal obligation, or maintain records required for tax or accounting purposes).

To exercise these rights, please contact us at hello @ ironconsent.com. We may request additional information to verify your identity before responding to your request, particularly where the information sought is sensitive or where the request implicates other persons’ information.

A Note for Customers: Personal Information You Provide About Others

When you purchase Iron Consent services for a website that you own or operate, you may provide us with access to systems that contain personal information about your own customers, subscribers, employees, or website visitors. We do not access, process, or use that information for any purpose other than delivering the services you have engaged us to provide. We act as a service provider with respect to that information; you remain the controller (or business, as applicable) of the personal information collected through your own website and accounts.

Our role is limited to configuring the technical infrastructure (consent management, tag deployment, conversion tracking, and consent logging) and producing legal documentation that accurately reflects the configuration we deploy. We do not exfiltrate, sell, share, or otherwise use the personal information of your end users for our own purposes.

If you are a privacy regulator, a representative of an end user of one of our customers, or a third party who believes that information about you may have been processed by Iron Consent in connection with services we provide to one of our customers, please contact us at hello @ ironconsent.com and we will route your inquiry to the appropriate customer, who is the controller of the relevant information.

Children’s Privacy

Iron Consent’s Site and services are directed to business owners and operators, and are not directed to individuals under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete such information. If you believe we may have inadvertently collected personal information from a child under 13, please contact us at hello @ ironconsent.com.

Security

We use commercially appropriate administrative, technical, and physical safeguards to protect personal information and customer access credentials from unauthorized access, alteration, disclosure, or destruction. These safeguards include access controls, encryption in transit, separation of credential storage from other data, and contractor confidentiality requirements. However, no method of transmission over the internet or method of electronic storage is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of any account credentials you create with us and for promptly rotating credentials you have shared with us at the conclusion of an engagement.

Links to Other Websites

Our Site, our marketing communications, and our content may contain links to third-party websites, including the websites of our service providers, our customers, and other resources. We are not responsible for the privacy practices of those websites. We encourage you to review the privacy policy of every website you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, our technology stack, the third-party services we use, applicable legal requirements, or for other operational reasons. Any changes will be posted on this page with a revised “Effective Date” and “Last Updated” date at the top of this policy. Your continued use of our Site or our services after the posting of a revised Privacy Policy constitutes your acceptance of the updated terms. For material changes that significantly affect how we handle your personal information, we may, at our discretion, provide additional notice by email or through a notice on our Site, but we are not obligated to do so. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

Lead Flow Connect, LLC dba Iron Consent

Email: hello @ ironconsent.com

Website: https://ironconsent.com

California Privacy Rights

Applicability. Iron Consent is a business-to-business service provider directed to website owners and operators in the United States. Based on the nature and scale of our operations, we do not believe we currently meet the threshold requirements for mandatory compliance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”). Specifically, we do not have annual gross revenues exceeding $26,625,000; we do not buy, sell, or share the personal information of 100,000 or more consumers or households; and we do not derive 50% or more of our annual revenue from selling or sharing consumers’ personal information.

No Sale of Personal Information. Regardless of the CCPA’s applicability to our business, we affirmatively state that we do not sell the personal information of California residents or any other consumers. With respect to “sharing” under the CCPA’s broad definition, we recognize that the operation of advertising pixels and conversion APIs (including those operated by Meta and Reddit) may transmit certain visitor data to those platforms in a manner that could be characterized as “sharing” for cross-context behavioral advertising. As described in the “Consent Management and Cookies” section, no such transmission occurs on our Site unless the visitor has affirmatively provided consent through our cookie consent banner. Visitors who reject advertising cookies, who decline consent, or who transmit the Global Privacy Control browser signal are not subject to such transmission.

Rights Available to California Residents. Although we do not believe we are required to comply with the CCPA, as a matter of policy and good privacy practice we extend the following rights to California residents:

• Right to Know. You may request that we disclose the categories and specific pieces of personal information we have collected about you, the sources from which the information was collected, the business or commercial purposes for collecting it, and the categories of third parties with whom we have shared it.
• Right to Delete. You may request that we delete personal information we have collected about you, subject to applicable legal exceptions.
• Right to Correct. You may request that we correct inaccurate personal information we maintain about you.
• Right to Opt Out of Sale or Sharing. We do not sell personal information. Our consent management platform blocks advertising-related transmissions by default and recognizes the Global Privacy Control browser signal as a valid opt-out request. You may also withdraw consent at any time through the consent preferences link in the footer of our Site.
• Right to Limit Use of Sensitive Personal Information. We do not use or disclose sensitive personal information for purposes that would trigger the right to limit under the CCPA.
• Right to Non-Discrimination. We will not discriminate against you for exercising any of these rights.

How to Submit a Request. If you are a California resident and wish to exercise any of the rights described above, please email us at hello @ ironconsent.com. We will respond to verifiable consumer requests within 45 days of receipt. We may request additional information to verify your identity before processing your request.

Authorized Agents. You may designate an authorized agent to make a request on your behalf. We may require the authorized agent to provide proof of your written permission and may require you to verify your own identity directly with us before we respond to a request submitted by an authorized agent.

Notice of Financial Incentive. We do not offer financial incentives in exchange for personal information.

Other State Privacy Rights

Several U.S. states have enacted consumer privacy laws that may grant residents certain rights regarding their personal information, including but not limited to Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, Tennessee, Iowa, Indiana, Florida, Delaware, New Hampshire, New Jersey, Maryland, Minnesota, Rhode Island, Kentucky, and Nebraska. While we do not believe we currently meet the threshold requirements for mandatory compliance with most of these laws, we respect the privacy of all visitors and customers.

If you are a resident of any U.S. state with an applicable consumer privacy law and you wish to submit a request regarding your personal information, please contact us at hello @ ironconsent.com. We will evaluate your request in good faith and respond within the timeframe required by applicable law, which is typically 45 days. The rights typically available under these laws include the right to confirm whether we are processing your personal information, the right to access and obtain a copy of your personal information, the right to correct inaccuracies, the right to delete personal information, the right to opt out of targeted advertising or the sale of personal information, and the right to appeal a denial of any of these rights.

European Economic Area, United Kingdom, and Switzerland (GDPR)

Applicability. Iron Consent serves customers worldwide, including individuals and businesses located in the European Economic Area (“EEA”), the United Kingdom (“UK”), and Switzerland. To the extent we offer our services to, or process the personal data of, individuals located in these regions, our processing is subject to the EU General Data Protection Regulation (“GDPR”), the UK GDPR, and the Swiss Federal Act on Data Protection (“FADP”), as applicable. This section describes how we comply with these laws and the rights available to data subjects in these regions.

Controller and Processor Roles. With respect to the personal data of individuals who visit our Site, contact us, subscribe to our communications, or purchase our services in their individual capacity, Iron Consent acts as a controller of that personal data. With respect to the personal data of end users of our customers’ websites — personal data that we access only in the course of delivering services to our customers — Iron Consent acts as a processor on behalf of the customer, who is the controller. Customers who require a data processing agreement (“DPA”) may request one by contacting us at hello @ ironconsent.com.

Legal Bases for Processing. Where the GDPR, UK GDPR, or FADP applies, we rely on the following legal bases for our processing:

• Consent. Where you have opted in to non-essential cookies through our consent banner, subscribed to our marketing communications, or otherwise provided consent to a specific processing activity.
• Performance of a contract. Where you have engaged us to deliver services, we process your personal data as necessary to perform our contractual obligations to you and to take steps at your request before entering a contract.
• Legitimate interests. We process certain personal data on the basis of our legitimate interests in operating, securing, promoting, and improving our business, responding to inquiries, preventing fraud and abuse, and providing customer support, provided those interests are not overridden by your fundamental rights and freedoms. You have the right to object to processing carried out on this basis as described below.
• Compliance with legal obligations. Where processing is required to comply with applicable law, including tax, accounting, and regulatory obligations.

Your Rights Under GDPR, UK GDPR, and FADP

If the GDPR, UK GDPR, or FADP applies to our processing of your personal data, you have the following rights, subject to any applicable exceptions and limitations:

• Right of Access. You may request confirmation of whether we process your personal data and, if so, a copy of that personal data and information about how it is processed.
• Right to Rectification. You may request that we correct inaccurate personal data or complete incomplete personal data we maintain about you.
• Right to Erasure (“Right to Be Forgotten”). You may request that we delete personal data we maintain about you, subject to legal exceptions (for example, where we are required to retain information for tax, accounting, or legal compliance purposes, or where retention is necessary to establish, exercise, or defend legal claims).
• Right to Restrict Processing. You may request that we limit the processing of your personal data in certain circumstances, such as while we verify the accuracy of contested data.
• Right to Data Portability. Where the processing is based on consent or contract and is carried out by automated means, you may request a copy of the personal data you have provided to us in a structured, commonly used, and machine-readable format.
• Right to Object. You may object at any time to processing of your personal data carried out on the basis of our legitimate interests, including profiling. You may also object at any time to processing for direct marketing purposes, and we will cease such processing on request.
• Right to Withdraw Consent. Where processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal. You may withdraw cookie consent by using the consent preferences link in our Site footer or by clearing your browser cookies. You may unsubscribe from marketing emails using the link in our emails.
• Right Not to Be Subject to Solely Automated Decision-Making. We do not make decisions about you based solely on automated processing that produce legal or similarly significant effects.
• Right to Lodge a Complaint. You have the right to lodge a complaint with the data protection supervisory authority in the EU member state, UK, or Swiss canton of your habitual residence, place of work, or place of the alleged infringement. We would, however, appreciate the opportunity to address your concerns directly before you contact a supervisory authority — please feel free to reach out to us first at hello @ ironconsent.com.

International Data Transfers

Personal data collected through our Site and services is transferred to and stored in the United States. The United States has not received an adequacy decision from the European Commission applicable to all transfers from the EEA, and similar considerations apply to transfers from the UK and Switzerland. Where required, we rely on appropriate safeguards for these transfers, which may include the European Commission’s Standard Contractual Clauses (“SCCs”), the UK International Data Transfer Agreement or Addendum, the Swiss equivalent provisions, or other lawful transfer mechanisms recognized under applicable law. Customers who require copies of the applicable transfer documentation in connection with services we provide to them may request them by contacting us at hello @ ironconsent.com.

EU and UK Representatives

If applicable law requires us to designate a representative in the EEA or the UK pursuant to Article 27 of the GDPR or UK GDPR, we will provide the representative’s contact information in this Privacy Policy. If you are located in the EEA, UK, or Switzerland and have questions regarding our processing of your personal data, you may contact us directly at hello @ ironconsent.com.

How to Submit a Request

To exercise any of the rights described above, please email us at hello @ ironconsent.com. We will respond to your request within 30 days, although we may extend this period by an additional two months where necessary, taking into account the complexity and number of requests, in which case we will inform you of the extension and the reasons for it. We may request additional information to verify your identity before processing your request. There is no charge for exercising your rights, except where requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request, as permitted by applicable law.

International Users

Iron Consent is based in the United States, and our servers and central databases are operated in the United States. Iron Consent serves customers worldwide. If you are accessing our Site, contacting us, subscribing to our communications, or purchasing our services from outside the United States, please be aware that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those of your jurisdiction and may, in some cases, provide less protection than the laws of your country. By using our Site or our services, you understand and agree to this transfer.

For customers and visitors located in the EEA, UK, and Switzerland, additional rights, legal bases, and transfer-mechanism information are described in the “European Economic Area, United Kingdom, and Switzerland (GDPR)” section above.

If you are located in another country with applicable data protection laws and wish to exercise any rights you may have with respect to your personal information, please contact us at hello @ ironconsent.com and we will evaluate your request in good faith and respond within the timeframe required by applicable law.