Legal

Cookie Policy

Last updated July 7, 2026

TemplateThis is a good-faith template drafted for an open-source project. It is not legal advice and must be reviewed and adapted by qualified counsel before you rely on it in production.

We keep this simple: the Custom Domain console uses only strictly-necessary, first-party cookies to sign you in and keep the app secure. We do not use advertising cookies or cross-site trackers, so there is nothing to consent to beyond acknowledging this notice.

1. The short version

  • Only strictly-necessary, first-party cookies.
  • No advertising, no cross-site tracking, no third-party analytics that profile you.
  • We honor Global Privacy Control (GPC) and Do-Not-Track signals.

2. What cookies are

Cookies are small files a site stores on your device. Similar technologies include localStorage. Under the ePrivacy rules, cookies that are strictly necessary to deliver a service you requested do not require prior consent; other cookies do. We use only the former.

3. Cookies and local storage we use

NameTypePurposeDuration
Session cookieStrictly necessary (first-party)Keeps you signed in to the console after authentication.Session / until expiry or sign-out
CSRF tokenStrictly necessary (first-party)Protects authenticated actions against cross-site request forgery.Session
cd_cookie_ackLocal storage (first-party)Remembers that you dismissed this cookie notice (or that your browser sent an opt-out signal), so we do not show it again.Until cleared

Exact cookie names are set by our authentication layer and may be prefixed for security. When you use the embedded widget on a customer's site, it operates with short-lived tokens rather than setting tracking cookies on their visitors.

4. What we do not use

We do not set advertising or marketing cookies, we do not use cross-site or cross-context tracking, and we do not embed third-party analytics that build a profile of you across sites. If that ever changes, we will update this policy and add a categorized, opt-in consent banner before setting any non-essential cookies.

5. Global Privacy Control and Do-Not-Track

If your browser sends a Global Privacy Control (GPC) or Do-Not-Track signal, we treat it as a standing privacy preference: our cookie notice is suppressed and the preference is remembered. Because we do not sell or share personal information or run non-essential trackers, there is nothing further to opt out of.

6. Managing cookies

You can control or delete cookies and local storage through your browser settings. Because our cookies are strictly necessary, blocking them may break sign-in and prevent the console from working, but it will not expose you to tracking.

7. Changes and contact

We will update this policy if our use of cookies changes. Questions: [email protected]. See also our Privacy Policy.