Cookie Policy
Last updated: March 28, 2026
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They allow the site to recognise your device on subsequent visits, remember your preferences, and provide a more consistent experience.
We also use related technologies including local storage and session storage, which function similarly but store data in your browser rather than as cookie files. References to "cookies" in this policy include these technologies unless stated otherwise.
This policy applies to all cookies set on the CPAM platform. It should be read alongside our Privacy Policy.
2. Your Consent
Under the EU ePrivacy Directive, UK PECR, and GDPR, we are required to obtain your consent before placing non-essential cookies on your device.
When you first visit CPAM, a cookie consent banner will appear. You may:
- Accept all — enables essential, analytics, and functional cookies
- Accept essential only — enables only strictly necessary cookies
- Manage preferences — choose which categories to enable
You may withdraw or change your consent at any time by clicking the "Cookie Preferences" link in the footer of any page. Strictly necessary cookies cannot be disabled as they are required for the Service to function.
3. Categories of Cookies We Use
Essential for the Service to function. Without these cookies, core features such as login, navigation, and security cannot work.
- Authentication and session management
- CSRF security tokens
- Cookie consent preference storage
- Load balancing and server routing
Enhance your experience by remembering choices you make and personalising the Service. Disabling these cookies may affect some features.
- Theme preference (dark/light mode)
- Language and locale settings
- Dismissed notifications and onboarding prompts
- Recently viewed or pinned items
Help us understand how users interact with the Service so we can improve it. Data collected is aggregated and does not identify individual users.
- Pages visited and time spent
- Features used and workflows completed
- Error rates and performance metrics
- Referral sources and navigation paths
4. Cookie Details
| Cookie Name | Category | Purpose | Duration |
|---|---|---|---|
| next-auth.session-token | Strictly Necessary | Maintains your authenticated session | 30 days |
| next-auth.csrf-token | Strictly Necessary | Protects against cross-site request forgery | Session |
| next-auth.callback-url | Strictly Necessary | Stores the post-login redirect URL | Session |
| cpam_cookie_consent | Strictly Necessary | Records your cookie consent preferences | 1 year |
| cpam_theme | Functional | Remembers your dark/light mode preference | 1 year |
| cpam_locale | Functional | Remembers your language preference | 1 year |
| cpam_onboarding_dismissed | Functional | Records dismissal of onboarding prompts | Persistent (localStorage) |
| _analytics_* | Analytics | Aggregated usage and performance tracking | Up to 2 years |
5. Third-Party Cookies
The following third-party services may set cookies when you use CPAM. Each provider operates under its own privacy policy:
| Provider | Purpose | Category | Policy |
|---|---|---|---|
| Stripe Inc. | Payment processing, fraud prevention | Strictly Necessary | stripe.com/privacy |
We do not use any advertising, retargeting, or marketing cookies. No third-party advertising networks have access to data collected through CPAM.
6. Managing Your Cookie Preferences
Cookie Preference Centre
You can review and update your cookie preferences at any time by clicking the "Cookie Preferences" link in the footer. Changes take effect immediately.
Browser Settings
All modern browsers allow you to control cookies through their settings:
- View and delete cookies already stored on your device
- Block cookies from specific websites or all websites
- Configure different rules for first-party vs third-party cookies
- Set cookies to expire at the end of each session
Refer to your browser's help documentation for instructions:
Important: Disabling strictly necessary cookies will prevent you from logging in and using the Service.
Do Not Track
Some browsers offer a "Do Not Track" (DNT) signal. There is currently no universal standard for how websites must respond to DNT signals. We honour your explicit cookie preferences set through our preference centre; for DNT signals specifically, we do not change our cookie behaviour at this time.
7. Changes to This Policy
We may update this Cookie Policy from time to time, for example when we add new cookies or change third-party providers. We will update the "Last updated" date and, where changes are material, notify you via the consent banner on your next visit so you can review and re-confirm your preferences.
8. Contact Us
If you have questions about our use of cookies, please contact us at privacy@cpam.io.