<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <!-- Begin Jekyll SEO tag v2.8.0 --> <title>Information Security, Information Security Awareness | Consent Kit</title> <meta name="generator" content="Jekyll v4.2.2" /> <meta property="og:title" content="Information Security, Information Security Awareness" /> <meta property="og:locale" content="en_GB" /> <meta name="description" content="Information security is truly integral to our product and marketing. Read more to find out why information security really is vital for us here at Consent Kit" /> <meta property="og:description" content="Information security is truly integral to our product and marketing. Read more to find out why information security really is vital for us here at Consent Kit" /> <link rel="canonical" href="https://consentkit.com/security" /> <meta property="og:url" content="https://consentkit.com/security" /> <meta property="og:site_name" content="Consent Kit" /> <meta property="og:image" content="https://consentkit.com/assets/images/opengraph/default.png" /> <meta property="og:type" content="website" /> <meta name="twitter:card" content="summary_large_image" /> <meta property="twitter:image" content="https://consentkit.com/assets/images/opengraph/default.png" /> <meta property="twitter:title" content="Information Security, Information Security Awareness" /> <meta name="twitter:site" content="@consentkit" /> <script type="application/ld+json"> {"@context":"https://schema.org","@type":"WebPage","dateModified":"2021-01-27T00:00:00+00:00","description":"Information security is truly integral to our product and marketing. Read more to find out why information security really is vital for us here at Consent Kit","headline":"Information Security, Information Security Awareness","image":"https://consentkit.com/assets/images/opengraph/default.png","publisher":{"@type":"Organization","logo":{"@type":"ImageObject","url":"https://consentkit.com/assets/images/logomark.svg"}},"url":"https://consentkit.com/security"}</script> <!-- End Jekyll SEO tag --> <link type="application/atom+xml" rel="alternate" href="https://consentkit.com/feed.xml" title="Consent Kit" /> <link rel="stylesheet" href="/assets/css/main.css" /> <link rel="icon" type="image/png" href="/assets/images/icons/favicon.png" /> <script src="https://cdn.jsdelivr.net/npm/lodash@4.17.21/lodash.min.js" integrity="sha256-qXBd/EfAdjOA2FGrGAG+b3YBn2tn5A6bhz+LSgYD96k=" crossorigin="anonymous"></script> <script type="text/javascript" src="/assets/js/bundle.js"></script> <script defer src="https://use.fontawesome.com/releases/v5.0.8/js/all.js" integrity="sha384-SlE991lGASHoBfWbelyBPLsUlwY1GwNDJo3jSJO04KZ33K2bwfV9YBauFfnzvynJ" crossorigin="anonymous"></script> <!-- Start cookieyes banner (has to be the first script we load) --> <script id="cookieyes" type="text/javascript" src="https://cdn-cookieyes.com/client_data/7a5afe69865ffdd2581d3820/script.js"></script> <!-- End cookieyes banner --> <!-- Hotjar Tracking Code for https://www.consentkit.com --> <script> (function (h, o, t, j, a, r) { h.hj = h.hj || function () { (h.hj.q = h.hj.q || []).push(arguments); }; h._hjSettings = { hjid: 3266144, hjsv: 6 }; a = o.getElementsByTagName("head")[0]; r = o.createElement("script"); r.async = 1; r.src = t + h._hjSettings.hjid + j + h._hjSettings.hjsv; a.appendChild(r); })(window, document, "https://static.hotjar.com/c/hotjar-", ".js?sv="); </script> <script> (function (ss, ex) { window.ldfdr = window.ldfdr || function () { (ldfdr._q = ldfdr._q || []).push([].slice.call(arguments)); }; (function (d, s) { fs = d.getElementsByTagName(s)[0]; function ce(src) { var cs = d.createElement(s); cs.src = src; cs.async = 1; fs.parentNode.insertBefore(cs, fs); } ce("https://sc.lfeeder.com/lftracker_v1_" + ss + (ex ? "_" + ex : "") + ".js"); })(document, "script"); })("bElvO73y5yGaZMqj"); </script> <script src="https://cdn.usefathom.com/script.js" data-site="TVDJIUYS" defer></script> <script> (function (ss, ex) { window.ldfdr = window.ldfdr || function () { (ldfdr._q = ldfdr._q || []).push([].slice.call(arguments)); }; (function (d, s) { fs = d.getElementsByTagName(s)[0]; function ce(src) { var cs = d.createElement(s); cs.src = src; cs.async = 1; fs.parentNode.insertBefore(cs, fs); } ce("https://sc.lfeeder.com/lftracker_v1_" + ss + (ex ? "_" + ex : "") + ".js"); })(document, "script"); })("bElvO73y5yGaZMqj"); </script> </head> <body> <a href="#content" class="sr-only">Skip to main content</a> <div class="relative bg-white"> <div class="container-xl"> <div class="flex justify-between items-center py-6 md:justify-start md:space-x-10"> <div class="flex justify-start lg:w-0 lg:flex-1"> <a href="/legal" class="flex items-center"> <img class="h-4 sm:h-5" src="/assets/images/logo.svg" alt="Consent Kit logo" width="30" height="40" /> <h2 class="md:block text-lg ml-2 font-display font-medium"> Consent Kit <span class="text-green-500 ml-2">Legal and privacy</span> </h2> </a> </div> <div class="hidden md:flex items-center justify-end md:flex-1 lg:w-0"> <a href="mailto:help@consentkit.com" class="ml-6 text-base font-medium text-gray-500 hover:text-gray-900 _text-xl" target="_blank" > <i class="fas fa-envelope"></i> Contact support </a> </div> </div> </div> </div> <div class="bg-white"> <div class="container-xl py-16 sm:py-12"> <div class="flex flex-col lg:flex-row"> <!-- sidebar --> <div id="sidebar" class="lg:sticky lg:top-0 relative lg:mr-8 h-help-sidebar"> <p class="p-3"> <a href="/legal"><svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke="currentColor" class="mr-1 h-5 w-5 inline " aria-hidden="true" > <path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M7 16l-4-4m0 0l4-4m-4 4h18" /> </svg> Back to Legal centre</a> </p> <div class="hidden lg:block overflow-y-visible z-40 overflow-hidden h-full relative mt-10"> <div class="overflow-y-auto scrolling-touch relative overflow-hidden block"> <nav class="mb-10"> <h2 class="px-3 mb-3 text-base font-display font-semibold text-gray-900 tracking-wide uppercase">On this page</h2> <ul> <li> <a href="/security#where-is-my-data-stored" class="px-3 py-2 relative text-lg block hover:text-gray-900 text-indigo-500 underline">Where is my data stored?</a> </li> <li> <a href="/security#how-we-handle-your-data" class="px-3 py-2 relative text-lg block hover:text-gray-900 text-indigo-500 underline">How we handle your data</a> </li> <li> <a href="/security#how-we-keep-our-code-secure" class="px-3 py-2 relative text-lg block hover:text-gray-900 text-indigo-500 underline">How we keep our code secure</a> </li> <li> <a href="/security#how-we-secure-our-business" class="px-3 py-2 relative text-lg block hover:text-gray-900 text-indigo-500 underline">How we secure our business</a> </li> <li> <a href="/security#credit-card-security" class="px-3 py-2 relative text-lg block hover:text-gray-900 text-indigo-500 underline">Credit Card Security</a> </li> </ul> </nav> </div> </div> </div> <div id="content" class="lg:max-h-full lg:sticky lg:overflow-visible"> <div class="prose prose-lg prose-indigo"> <!-- main col --> <h1>Information Security</h1> <p>Last updated: 27th Jan, 2021</p> <h1 id="information-security">Information security</h1> <p>Our mission is to address the barriers which exclude participation in research, so that we can enable everyone to be heard and work towards more equitable futures. We do this through building tools that help you collect and manage your participant’s data responsibly, equitably and transparently.</p> <p>Living those values means we need to ensure that we also treat your data responsibly, equitably and transparently.</p> <p>For us, that means:</p> <ul> <li>We don’t, and never will, sell your data.</li> <li>We only ask for what we need to run the service.</li> <li>We don’t use tracking cookies.</li> <li>Your data is your own, Even on a trial account.</li> <li>We believe in data mobility. You can download your data at any time.</li> <li>We keep data for as long as you want us to. And when we delete it, its gone.</li> </ul> <p>Privacy by design and as default is baked into the production of our service. We use the ODI’s <a href="https://theodi.org/article/data-ethics-canvas/">Data Ethics Canvas</a> at the inception of any new feature or product to ensure the appropriate considerations are made and that we are using data ethically and responsibly.</p> <p>We are self-funded, and only accountable to our Customers.</p> <h2 id="where-is-my-data-stored">Where is my data stored?</h2> <p>By default, all of your data will be stored and processed within the EU. We do this for two reasons:</p> <ol> <li>We’re based in Europe, and</li> <li>The EU has the most stringent data protection regulations in the world.</li> </ol> <p>We also have data tenancy options available if you would prefer your data to be stored and processed within the USA.</p> <h2 id="how-we-handle-your-data">How we handle your data</h2> <h3 id="iso-27001-data-centres">ISO 27001 data centres</h3> <p>Our infrastructure runs on Heroku, which is built upon Amazon Web Services (AWS). Heroku delivers a Platform as a Service (PaaS) with exceptional security.</p> <p>For more information please see the following:</p> <ul> <li><a href="https://www.heroku.com/policy/security">Heroku Security</a></li> <li><a href="https://aws.amazon.com/security/">AWS Security</a></li> <li><a href="https://aws.amazon.com/compliance/">AWS Compliance</a></li> </ul> <p>Heroku’s physical infrastructure is hosted and managed within Amazon’s secure data centres and utilise the Amazon Web Service (AWS) technology.</p> <p>Amazon continually manages risk and undergoes reoccurring assessments to ensure compliance with industry standards.</p> <p>Amazon’s data centre operations have been accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX)</p> <h3 id="physical-security">Physical security</h3> <p>We do not have data centres as we are a cloud SaaS provider. Physical security to our servers and to your data is managed by <a href="https://aws.amazon.com/compliance/iso-27001-faqs/">AWS security certifications</a></p> <h3 id="data-storage-and-encryption-at-rest">Data storage and encryption at rest</h3> <p>Your data is <a href="https://devcenter.heroku.com/articles/heroku-postgres-production-tier-technical-characterization#data-encryption">encrypted at rest</a> using AES256 encryption within the Heroku Postgres production tier.</p> <h3 id="passwords">Passwords</h3> <p>All user passwords are stored using the Bcrypt password hashing function and stored in the database. Bcrypt uses salts and a complex hashing algorithms.</p> <h3 id="encryption-in-transit">Encryption in transit</h3> <p>All communication between you, your services and Consent Kit, that includes your data, traverses the Internet via encrypted HTTPS traffic using TLS v1.3 where supported. We support older browsers with TLS v1.2.</p> <p>This encryption during communication ensures information cannot be read or manipulated by unauthorised third parties.</p> <h3 id="backups-and-data-retention">Backups and data retention</h3> <p>We ensure that all data is regularly backed up.</p> <p>Your data lives in our servers for as long as you need them. When you delete your account all the data is deleted.</p> <h3 id="access-to-data">Access to data</h3> <p>Consent Kit staff are granted access to systems and data based on their role in the company or on an as-needed basis. SSO and 2FA are used to ensure access is as secure as possible.</p> <p>Access to customer data by Consent Kit staff is only used to assist with support and to resolve customer issues.</p> <p>When working on a support issue we do our best to respect your privacy as much as possible and only access the minimum data needed to resolve your issue.</p> <h3 id="network-and-application-level-security-monitoring-and-protection">Network and application level security monitoring and protection</h3> <p>We use a third party tool called <a href="https://www.datadoghq.com/monitoring/security-monitoring-tools/">Datadog</a> to monitor and protect our infrastructure and application from various threats and to log when these attacks occur.</p> <p>Datadog provides us with:</p> <ul> <li>Infrastructure protection from automated scanners, bots and targeted attacks. It blocks attacks and alerts in case of critical threats.</li> <li>Protection against data breaches by monitoring and blocking brute force attacks.</li> <li>Automatic monitoring of suspicious behaviours with regards to user accounts. We can react fast in case of account takeovers to protect customers against data theft by blocking credential stuffing or brute force attacks.</li> <li>A runtime protection system that identifies and blocks OWASP Top 10 and business logic attacks in real-time.</li> <li>Security monitoring that allows us to get visibility into our application security, identify attacks and respond quickly to a data breach. Security events are logged and notifications are sent in case of critical attacks to allow for fast remediation.</li> </ul> <p>Datadog is also deeply integrated into our application helping us protect against the most critical attack categories like SQL injections, cross-site scripting and adds security headers to our application. It blocks attacks in real-time and warns us when attackers start stressing our application.</p> <h3 id="communications-security">Communications Security</h3> <p>All Consent Kit’s web application communications are sent using Postmark and are encrypted TLS ensuring messages are encrypted in transit to remote mail servers and ISPs who support TLS.</p> <p>All our Postmark servers are set up to use <a href="https://postmarkapp.com/guides/dkim">DKIM</a> , <a href="https://postmarkapp.com/guides/spf">SPF</a> , and <a href="https://postmarkapp.com/guides/dmarc">DMARC</a> , allowing us to control our domain’s reputation, reducing the risk of email spoofing and ensuring a high deliverability rate.</p> <h2 id="how-we-keep-our-code-secure">How we keep our code secure</h2> <h3 id="vulnerability-management">Vulnerability management</h3> <p>All vulnerabilities are managed and tracked through a defined set of stages. Once a vulnerability is detected, it is assigned a score, using the CVSS scoring system.</p> <p>We have an internal SLA that stipulates deadlines for fixing vulnerabilities.</p> <p>If necessary, a post-mortem is arranged as a learning exercise for our whole company to improve security.</p> <h3 id="automatic-static-code-analysis">Automatic static code analysis</h3> <p>When code is committed to GitHub, our continuous integration process automatically initiates a series of tests. One such test is automatic static code analysis, configured to find vulnerabilities both in the code and within its dependencies.</p> <p>Our security monitoring tool also detects vulnerable or out of date dependencies within the application on the server.</p> <h3 id="quality-assurance-qa">Quality Assurance (QA)</h3> <p>Once the code is ready to be tested, it is deployed to our staging environment. This environment is a downscaled version of the production infrastructure and does not contain any production data. Quality assurance is performed in a different domain name to ensure complete separation from production.</p> <p>We use agile user stories to break up work and these are ranked in importance and risk. All high value and risk stories are reviewed by other members of the team on its own stand-alone Heroku Review App.</p> <h3 id="secure-software-development-life-cycle-sdlc">Secure software development life cycle (SDLC)</h3> <p>Security is part of our SDLC and influences the product roadmap and specific features. We implement the philosophy of “security by design” where security features are embedded in the product design to ensure, to the best of our abilities, that existing and new functionalities are free of vulnerabilities.</p> <h2 id="how-we-secure-our-business">How we secure our business</h2> <h3 id="mobile-device-management">Mobile device management</h3> <p>All hardware devices (desktops, laptops, phones) that Consent Kit staff use are encrypted to ensure that if stolen or lost they do not present a security risk.</p> <h3 id="password-managers-and-policy">Password managers and policy</h3> <p>To ensure an acceptable level of password security, we have an existing password policy in place. Passwords that are too generic are not allowed while the use of unique passwords per website is strongly advised. We also encourage the use of password managers, for example 1Password, that help make it easier and safer for you to keep track of your credentials.</p> <h3 id="multi-factor-authentication">Multi-factor authentication</h3> <p>The use of multi-factor authentication (MFA) is enforced throughout the main services Consent Kit relies on. MFA is also encouraged by Consent Kit.</p> <p>MFA is also mandatory for Heroku and GitHub access.</p> <h2 id="credit-card-security">Credit Card Security</h2> <p>When you purchase a paid Consent Kit subscription, your credit card data is not transmitted through nor stored on our systems. All of Consent Kit’s credit card processing is handled securely by Stripe.</p> <p>Any card data is transmitted to stripe via encrypted HTTPS</p> <p>Stripe is certified to PCI Service Provider Level 1 — the most stringent level of certification available. You can read more about their <a href="https://stripe.com/gb/terms">privacy</a> and <a href="https://stripe.com/help/security">security policies</a>.</p> <p>Have questions or feedback? Feel free to reach out to us at <a href="mailto:security@consentkit.com">security@consentkit.com</a></p> </div> <div class="bg-white"> <div class="mx-auto mt-24"> <div class="lg:flex lg:items-center lg:justify-between bg-green-700 rounded-lg py-6 px-4 lg:px-12 lg:py-12"> <div> <h3 class="text-3xl font-extrabold font-display text-white sm:text-4xl">Get help</h3> <p class="mt-2 text-white text-xl">Can't find what you are looking for?</p> </div> <div class="lg:ml-8 mt-8 flex lg:mt-0 lg:flex-shrink-0"> <div class="inline-flex rounded-md shadow"> <a href="mailto:legal@consentkit.com" target="_blank" class="inline-flex items-center justify-center px-5 py-3 border border-transparent text-base font-medium rounded-md text-indigo-600 bg-white hover:bg-indigo-50" > <i class="fas fa-envelope mr-2"></i> Get in touch <span class="ml-2"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" class="-mr-1 h-5 w-5 inline " aria-hidden="true" > <path fill-rule="evenodd" d="M12.293 5.293a1 1 0 011.414 0l4 4a1 1 0 010 1.414l-4 4a1 1 0 01-1.414-1.414L14.586 11H3a1 1 0 110-2h11.586l-2.293-2.293a1 1 0 010-1.414z" clip-rule="evenodd" /> </svg> </span> </a> </div> </div> </div> </div> </div> </div> </div> </div> </div> <footer class="mt-8 bg-white" aria-labelledby="footerHeading"> <h2 id="footerHeading" class="sr-only">Footer</h2> <div class="container-xl py-12"> <div class="md:grid md:grid-cols-4 gap-8 mb-16 pt-8 border-t border-gray-200"> <div class="col-span-1 flex flex-col mb-4 md:mb-0"> <h3 class="text-sm font-semibold text-gray-500 tracking-wider uppercase _lg:flex-grow">Say hello</h3> <div class="mt-4 space-x-6 flex md:mt-11"> <a href="mailto:founders@consentkit.com" class="text-gray-400 hover:text-gray-300 text-2xl" target="_blank"> <span class="sr-only">Email</span> <i class="fas fa-envelope"></i> </a> <a href="https://www.linkedin.com/company/consent-kit" class="text-gray-400 hover:text-gray-300 text-2xl"> <span class="sr-only">LinkedIn</span> <i class="fab fa-linkedin"></i> </a> </div> </div> <div class="col-span-3"> <h3 class="text-sm font-semibold text-gray-500 tracking-wider uppercase">Trusted by</h3> <div class="flow-root mt-2"> <div class="-ml-2 flex flex-wrap justify-between space-y-6"> <div class="mt-6 ml-2 flex flex-grow flex-shrink-0 items-center"> <img class="h-6 filter grayscale opacity-50" src="/assets/images/customer-logos/loom.svg" loading="lazy" alt="The loom logo" /> </div> <div class="mt-2 ml-2 flex flex-grow flex-shrink-0 items-center"> <img class="h-8" src="/assets/images/customer-logos/heritage-fund.svg" alt="The National Lottery Heritage Fund logo" loading="lazy" /> </div> <div class="mt-8 ml-2 flex flex-grow flex-shrink-0 items-center"> <img class="h-8" src="/assets/images/customer-logos/nile.svg" loading="lazy" alt="Nile logo" /> </div> <div class="ml-2 flex flex-grow flex-shrink-0 items-center"> <img class="h-6 mt-1 filter grayscale opacity-40" src="/assets/images/customer-logos/tpximpact.svg" loading="lazy" alt="TPX Impact logo" /> </div> <div class="ml-2 flex flex-grow flex-shrink-0 items-center"> <img class="h-8 filter" src="/assets/images/customer-logos/hyper-island.svg" loading="lazy" alt="Hyper Island logo" /> </div> <div class="mt-2 ml-2 flex flex-grow flex-shrink-0 items-center"> <img class="h-8" src="/assets/images/customer-logos/co-op.svg" loading="lazy" alt="the Co-op logo" /> </div> </div> </div> </div> </div> <div class="mt-12 grid grid-cols-2 grid-row-2 gap-8 md:grid-cols-4 md:grid-row-1 xl:mt-0 xl:col-span-2"> <div> <h3 class="text-sm font-semibold text-gray-500 tracking-wider uppercase">Product</h3> <ul class="mt-4 space-y-4"> <li> <a href="/recruit" class="text-base text-gray-500 hover:text-gray-900">Recruit</a> </li> <li> <a href="/prepare" class="text-base text-gray-500 hover:text-gray-900">Prepare</a> </li> <li> <a href="/respect" class="text-base text-gray-500 hover:text-gray-900">Respect</a> </li> <li> <a href="/features" class="text-base text-gray-500 hover:text-gray-900"> Features </a> </li> <li> <a href="/pricing" class="text-base text-gray-500 hover:text-gray-900"> Pricing </a> </li> <li> <a href="/book-demo" class="text-base text-gray-500 hover:text-gray-900"> Book demo </a> </li> <li> <a href="https://app.consentkit.com/sign-up?ref=footer" data-action="analytics#track" data-event-name="Sign Up Clicked" class="text-base text-gray-500 hover:text-gray-900"> Try for free </a> </li> </ul> </div> <div> <h3 class="text-sm font-semibold text-gray-500 tracking-wider uppercase">Resources</h3> <ul class="mt-4 space-y-4"> <li> <a href="/customers" class="text-base text-gray-500 hover:text-gray-900"> Success stories </a> </li> <li> <a href="/government" class="text-base text-gray-500 hover:text-gray-900"> Governments &amp; public sector </a> </li> <li> <a href="/recruitment-strategy" class="text-base text-gray-500 hover:text-gray-900"> Research recruitment strategies </a> </li> <li> <a href="/informed-consent-checklist" class="text-base text-gray-500 hover:text-gray-900"> Informed consent Checklist </a> </li> <li> <a href="/data-management-workshop" class="text-base text-gray-500 hover:text-gray-900"> Data management workshop </a> </li> <li> <a href="/accessibility-workshop" class="text-base text-gray-500 hover:text-gray-900"> Accessibility workshop </a> </li> <li> <a href="/blog" class="text-base text-gray-500 hover:text-gray-900"> Blog </a> </li> <li> <a href="/newsletter" class="text-base text-gray-500 hover:text-gray-900">Newsletter</a> </li> </ul> </div> <div> <h3 class="text-sm font-semibold text-gray-500 tracking-wider uppercase">Company</h3> <ul class="mt-4 space-y-4"> <li> <a href="/about-us" class="text-base text-gray-500 hover:text-gray-900"> About us </a> </li> <li> <a href="/legal" class="text-base text-gray-500 hover:text-gray-900"> Legal centre</a> </li> <li> <a href="/legal/gdpr" class="text-base text-gray-500 hover:text-gray-900"> GDPR</a> </li> <li> <a href="/legal/privacy" class="text-base text-gray-500 hover:text-gray-900">Privacy Policy</a> </li> <li> <a href="/security" class="text-base text-gray-500 hover:text-gray-900"> Security</a> </li> <li> <a href="/accessibility-statement" class="text-base text-gray-500 hover:text-gray-900"> Accessibility statement </a> </li> <li> <a href="/contact-us" class="text-base text-gray-500 hover:text-gray-900"> Contact us </a> </li> </ul> </div> <div> <h3 class="text-sm font-semibold text-gray-500 tracking-wider uppercase">Customers</h3> <ul class="mt-4 space-y-4"> <li> <a href="https://app.consentkit.com/sign-in" data-action="analytics#track" data-event-name="Sign In Clicked" class="text-base text-gray-500 hover:text-gray-900"> Sign in </a> </li> <li> <a href="/help" class="text-base text-gray-500 hover:text-gray-900"> Help centre </a> </li> <li> <a href="/docs/api" class="text-base text-gray-500 hover:text-gray-900"> API documentation </a> </li> <li> <a href="https://consentkit.statuspage.io/" class="text-base text-gray-500 hover:text-gray-900"> Service Status </a> </li> <li> <a href="/whats-new" class="text-base text-gray-500 hover:text-gray-900"> What's new </a> </li> </ul> </div> </div> <div class="mt-8 border-t border-gray-200 pt-8 md:grid md:grid-cols-2 gap-8 md:items-center"> <div> <a href="/" class="flex items-center"> <img class="h-6 sm:h-8" src="/assets/images/logo.svg" loading="lazy" alt="Consent Kit logo" width="30" height="40" /> <h3 class="md:block text-xl font-display font-medium pt-1 ml-2 whitespace-nowrap">Consent Kit</h3> </a> <p class="text-gray-500 text-base mt-2">The good user research platform</p> </div> <p class="mt-8 text-base text-gray-500 md:mt-0 md:text-right"> <span>&copy; 2025</span> Consent Kit Ltd. <a href="/imprint" class="border-b border-gray-500 hover:border-opacity-0 mx-6">Imprint</a> Made in Manchester, UK </p> </div> </div> </footer> </body> </html>