Notifications + privacy — what leaves the platform and how to control it

For: all
Tier: free+
Time: ~5 min

Why you'd do this

Compliance tooling that itself has loose data hygiene is a hard sell. ComplianceLint deliberately minimises data egress and gives every user explicit control over the categories that DO leave: cookie categories (essential / analytics), error stack traces (Sentry), transactional vs marketing email. This chapter is the consolidated reference so privacy reviews don't require reading the full Privacy Policy to find the toggles.

Before you start

An understanding of the GDPR distinction between essential cookies (no consent needed) and analytics / marketing (explicit consent required)
Awareness that some opt-outs degrade product capability (e.g. disabling Sentry means no automated error reporting; bug fixes depend on you reproducing manually)

Step 1

First visit triggers the cookie consent banner across the bottom of the page. Two categories:

Essential — session cookies, CSRF tokens, the consent preference itself. Always on (no consent box; technically required for the site to function under GDPR Recital 30).

Analytics — PostHog (EU-hosted) for funnel + retention analytics. Off by default; toggle to opt in. Anonymous IDs only — PII is filtered server-side before write.

Buttons: Accept all (essential + analytics) / Reject non-essential (essential only) / Customise (per-category toggles). Choice is recorded in localStorage cl_consent_v1 and the banner doesn't reappear unless you clear cookies or we issue a new policy version.

Step 2

Re-open the consent dialog any time via the Cookie preferences link in the page footer. Same three-button + per-category toggles. Saving updates the localStorage entry; analytics start / stop immediately.

If you select "Reject non-essential" after previously accepting, ALL accumulated PostHog data on your client is discarded. Server-side aggregations stay (they were anonymised at write-time so they're not personally identifiable).

We never auto-re-prompt mid-session. The banner only re-appears after a policy version bump — and even then, your previous opt-out persists unless the new policy materially changed categories (it'd say "new analytics provider added" in the banner copy).

Step 3

Sentry collects unhandled errors / stack traces from the browser + server. Source code paths and error messages can contain incidentally-PII data (e.g. a user's email in a URL). We:

Use Sentry's beforeSend hook to scrub email + IP from each event before transmission
Filter known PII fields by name (email, phone, ssn, api_key, etc.)
Drop anything from a URL containing a UUID-like token

Opt-out — Settings → Account → "Disable error reporting for this account". Errors from your sessions are not sent to Sentry. Caveat: bug fixes that would have benefited from auto-collected stack traces require you to reproduce + manually report.

Step 4

Three email categories with different opt-out treatments:

Transactional — sign-in magic links, scan completion notifications, billing receipts. Cannot be opted out (the platform stops working without sign-in emails). Sender: noreply@compliancelint.dev.

Critical operational — unauthorized API key use, subscription past-due, account locked. Default ON; opt out via Settings → Email preferences. We strongly recommend keeping these on; opt-out flows are a frequent root cause for missed lockouts.

Marketing / product news — release notes, feature announcements. Default OFF (we don't believe in default-on marketing). Opt-in is explicit on the Settings page.

Every email carries a one-click unsubscribe in the footer (transactional excepted; those say "this notification cannot be turned off").

Step 5

Data residency — primary database + evidence storage in the EU (Germany, Hetzner). PostHog analytics in the EU (Frankfurt). Sentry in the EU (Ireland). LemonSqueezy billing in the US (subprocess; covered by SCCs).

GDPR Article 15 (right of access) — Settings → Danger Zone → Request data export. See Settings - account.

GDPR Article 17 (right of erasure) — Settings → Danger Zone → Delete account → Hard delete option.

GDPR Article 20 (data portability) — same data export, structured JSON. See readme inside the export bundle for schema notes.

GDPR Article 21 (right to object) — opt out of analytics + marketing via the controls above. Object to a processing purpose: email privacy@compliancelint.dev with the specific purpose; we respond within 30 days per Article 12(3).

What can go wrong

Cookie banner re-appears on every page load after I dismissed it — localStorage write blocked. Most common causes: browser private / incognito mode (localStorage clears on close), browser extension blocking storage (uBlock Origin, Privacy Badger). Either accept the banner each session or whitelist compliancelint.dev for localStorage. Note: dismissing in private mode means analytics opt-out also doesn't persist across sessions (defaults to off, the safe direction).
I opted out of Sentry but errors still mention me by name in support tickets — Two possibilities: (1) the error was captured before your opt-out — historical Sentry data isn't retroactively scrubbed, but it auto-purges after 90 days. (2) Support staff have direct DB access for tickets you filed; that's not Sentry, that's the support workflow. Email privacy@compliancelint.dev to request name redaction in the ticket itself.
Data export bundle doesn't contain my LemonSqueezy invoices — Billing data lives in LemonSqueezy's system, not ours — we store only the subscription state (active / past_due / canceled) plus their customer id. Invoice PDFs are downloadable from the LemonSqueezy customer portal (linked from Settings → Billing). For data-portability purposes, both bundles together constitute the complete record.

Last updated: 2026-04-30

Notifications + privacy — what leaves the platform and how to control it

For: all
Tier: free+
Time: ~5 min

Why you'd do this

Before you start

An understanding of the GDPR distinction between essential cookies (no consent needed) and analytics / marketing (explicit consent required)
Awareness that some opt-outs degrade product capability (e.g. disabling Sentry means no automated error reporting; bug fixes depend on you reproducing manually)

Step 1

First visit triggers the cookie consent banner across the bottom of the page. Two categories:

Essential — session cookies, CSRF tokens, the consent preference itself. Always on (no consent box; technically required for the site to function under GDPR Recital 30).

Analytics — PostHog (EU-hosted) for funnel + retention analytics. Off by default; toggle to opt in. Anonymous IDs only — PII is filtered server-side before write.

Step 2

Step 3

Sentry collects unhandled errors / stack traces from the browser + server. Source code paths and error messages can contain incidentally-PII data (e.g. a user's email in a URL). We:

Use Sentry's beforeSend hook to scrub email + IP from each event before transmission
Filter known PII fields by name (email, phone, ssn, api_key, etc.)
Drop anything from a URL containing a UUID-like token

Step 4

Three email categories with different opt-out treatments:

Marketing / product news — release notes, feature announcements. Default OFF (we don't believe in default-on marketing). Opt-in is explicit on the Settings page.

Every email carries a one-click unsubscribe in the footer (transactional excepted; those say "this notification cannot be turned off").

Step 5

GDPR Article 15 (right of access) — Settings → Danger Zone → Request data export. See Settings - account.

GDPR Article 17 (right of erasure) — Settings → Danger Zone → Delete account → Hard delete option.

GDPR Article 20 (data portability) — same data export, structured JSON. See readme inside the export bundle for schema notes.

What can go wrong

Cookie banner re-appears on every page load after I dismissed it — localStorage write blocked. Most common causes: browser private / incognito mode (localStorage clears on close), browser extension blocking storage (uBlock Origin, Privacy Badger). Either accept the banner each session or whitelist compliancelint.dev for localStorage. Note: dismissing in private mode means analytics opt-out also doesn't persist across sessions (defaults to off, the safe direction).
I opted out of Sentry but errors still mention me by name in support tickets — Two possibilities: (1) the error was captured before your opt-out — historical Sentry data isn't retroactively scrubbed, but it auto-purges after 90 days. (2) Support staff have direct DB access for tickets you filed; that's not Sentry, that's the support workflow. Email privacy@compliancelint.dev to request name redaction in the ticket itself.
Data export bundle doesn't contain my LemonSqueezy invoices — Billing data lives in LemonSqueezy's system, not ours — we store only the subscription state (active / past_due / canceled) plus their customer id. Invoice PDFs are downloadable from the LemonSqueezy customer portal (linked from Settings → Billing). For data-portability purposes, both bundles together constitute the complete record.

Last updated: 2026-04-30

Notifications + privacy — what leaves the platform and how to control it

Why you'd do this

Before you start

Step 1

Step 2

Step 3

Step 4

Step 5

What can go wrong

Related

Notifications + privacy — what leaves the platform and how to control it

Why you'd do this

Before you start

Step 1

Step 2

Step 3

Step 4

Step 5

What can go wrong

Related