What we collect
On the Cobalz Affiliate platform we collect: merchant + affiliate account data (name, email, role), tracking data (clicks with hashed IPs, sessions tied to first-party cookies), order data forwarded by your store integration (subtotal, total, hashed customer email/phone/IP), commission and payout records, and metadata about API usage.
Hashing & secrets
Customer PII (email, phone, IP) is hashed per-merchant with a private salt. Mercury API keys, plugin shared secrets, and affiliate TINs live in Supabase Vault and are never returned to the browser.
Cookies
Our tracker (t.js) writes two first-party cookies, _cobz_ref and _cobz_sess, on your storefront. Both honour Do-Not-Track and Google Consent Mode v2; when consent is denied, no beacon fires.
Subprocessors
- Supabase (Postgres + Vault) — primary data store
- Vercel — application hosting
- Resend — transactional email delivery
- Stripe — billing for the Cobalz subscription
- Sentry — error tracking
- Mercury — affiliate invoice issuance (per-merchant API key)
- PayPal, Wise — optional payout rails (per-merchant credentials)
- OpenExchangeRates / Frankfurter — daily FX rates
- Upstash Redis — rate limiting (best-effort, no PII)
Data subject rights
EU/UK customers can request export, rectification, or deletion of their data via their merchant. Merchants can file these requests in Settings → Privacy; results land in data_subject_requests and we reply within 30 days.
International transfers
We rely on the EU Standard Contractual Clauses + UK IDTA. Our primary processing region is US-East (Supabase + Vercel).
Data retention
Your account data is retained as long as your account is active, plus 30 days after cancellation for export. Audit logs are retained for 365 days by default (configurable on Enterprise). Webhook event dedupe data is retained for 90 days.
Data controller
Cobalz LLC, a Wyoming limited-liability company.
1309 Coffeen Ave, Sheridan, WY 82801, United States.
team@cobalz.com · (307) 443-6925
Contact
For privacy questions or to file a Data Subject Request, email team@cobalz.com with the subject line “Privacy request”. We respond within 30 days.