Current document: Trust center
Trust and compliance
1.70.52Lean Cookie Consent Trust Center
Security, privacy, data processing and operational safeguards for customers using the hosted consent platform.
Core documents
| Document | What it covers | Link |
|---|---|---|
| Service terms | Service scope, customer responsibilities, license behavior and generated-report limitations. | Open terms |
| Service privacy notice | Platform account data, site profiles, consent evidence, operational logs and retention. | Open privacy |
| Data Processing Agreement | Controller/processor roles, safeguards, subprocessors and incident cooperation. | Open DPA |
Operational safeguards
- Consent records are scoped by site key and allowed domain.
- Admin, owner and collaborator areas are separated by role and site assignment.
- Production runtime secrets, databases, generated passwords, mail logs and backups are kept outside the public document root.
- Exports redact sensitive authentication material and raw Stripe webhook payloads.
- Retention is configurable for technical events, scanner runs, acquisition events and mail logs.
Retention and backup baseline
Technical events90 daysScanner runs180 daysAcquisition events90 daysMail log cap262144 bytesBackupsOwner-only export, stored outside public web root when configured for production.