Software Specifications
...
Legal Documents
Cookie Policy
Do We Store Cookies? πͺ
7min
With how strict the EU has become around privacy and cookies hereβs a breakdown based on EU ePrivacy Directive (aka the "Cookie Law") and GDPR:
- Type: Strictly necessary
- Legal status: β Allowed without consent
- Why: Itβs used purely for security (bot detection, DDoS protection) β not for tracking or advertising.
- Notes: You do not need a cookie banner or explicit user consent for this one, but you must disclose it in your privacy/cookie policy.
- Type: Strictly necessary (when used only for login/session)
- Legal status: β Allowed without consent, as the law allows for:
- Itβs use when used to maintain logged-in sessions
- It's use when it doesnβt track users across sites or store extra identifiable info
- Why: Functional cookies like this are essential for the service to work (e.g., logging in, staying authenticated).
- Does it store personal or tracking data?
- β No. This cookie only stores a session ID β not user data, PII, or tracking behavior.
- The actual user session data is stored server-side (e.g., in memory, Redis, or a DB), not in the cookie itself.
Cookie | Consent Required? | Legal if... |
|---|---|---|
__cf_bm | β No | Used for security, bot management only |
connect.sid | β No | Used strictly for login/session maintenance |
ο»Ώ
ο»Ώ
- β Keep a clear cookie/privacy policy that mentions both cookies.
- β You can mention to users that the service uses Cloudflare for protection and sessions for login.
- β We will always adhere to international laws to stay ISO27001 compliant and safe under EU rules. At the moment we only have a token for session handling, but if that were to change we would enforce the use of a Cookie Consent form.
ο»Ώ