Cookie Policy
Last updated: 20 April 2026
1. What are cookies?
Cookies are small text files placed on your device when you visit a website. They allow the site to recognise your device on subsequent visits and remember preferences or session state. We also use localStorage as a fallback storage mechanism for the same purposes.
2. Cookies on cookieoffice.com
Our own website and dashboard use only strictly necessary cookies. We do not use advertising or third-party tracking cookies on our own properties.
| Name | Purpose | Duration | Type |
|---|---|---|---|
| authjs.session-token | Maintains your logged-in session in the dashboard | 30 days | Necessary |
| authjs.csrf-token | CSRF protection for authentication forms | Session | Necessary |
| authjs.callback-url | Stores the redirect URL after login | Session | Necessary |
Strictly necessary cookies do not require consent under ePrivacy Directive Art. 5(3).
3. Cookies set by the CookieOffice SDK on your visitors' devices
When you install the CookieOffice SDK on your website, it places cookies and localStorage entries on your visitors' devices to store their consent decisions. These cookies are first-party (set on your domain, not ours).
| Name | Purpose | Duration | Type |
|---|---|---|---|
| co_consent | Stores the visitor's consent choices (category preferences, version, timestamp) | 12 months | Necessary* |
| co_vid | Pseudonymous visitor identifier used to deduplicate consent records in audit logs | 12 months | Necessary* |
* Consent storage cookies are considered strictly necessary for the functioning of the consent management system itself. They contain no advertising or tracking data and are required to remember the visitor's choice so the banner is not shown on every page load. They do not track browsing behaviour.
The visitor identifier (co_vid) is a random UUID generated client-side. It is one-way hashed before being stored server-side. It cannot be used to identify the visitor across different websites.
4. Third-party scripts blocked by the SDK
The CookieOffice SDK automatically blocks over 100 known third-party tracking scripts (Google Analytics, Google Ads, Meta Pixel, TikTok Pixel, LinkedIn Insight, Hotjar, and others) until the visitor grants consent for the relevant category. Once consent is given, those scripts are loaded and may set their own cookies. The cookie behaviour of those third-party scripts is governed by the respective providers' privacy policies.
5. Managing your cookie preferences
You can manage your cookie preferences on any website using our SDK by clicking the "Cookie Settings" button (usually in the footer) at any time.
You can also control cookies through your browser settings. Most browsers allow you to:
- View and delete individual cookies
- Block third-party cookies
- Block cookies from specific sites
- Block all cookies (note: this will break login functionality on most websites)
Browser-level instructions: Chrome · Firefox · Safari · Edge — search "manage cookies" + your browser name for up-to-date instructions.
6. Changes to this policy
We may update this Cookie Policy from time to time. The "last updated" date at the top of this page will reflect any changes. Material changes will be announced in the dashboard or by email.
7. Contact
Questions about cookies? Contact us at [email protected].