Legal

Cookie Policy

Last updated: 20 April 2026.

1. What we use cookies for

Keelr uses a minimal set of cookies. By default, only strictly necessary cookies are set - the ones the service cannot function without. We do not use analytics cookies, advertising cookies, or third-party tracking pixels.

2. Strictly necessary cookies

• sessionid - holds your authenticated session while you are signed in. Expires when you sign out or after the session timeout
• csrftoken - protects the forms on our site from cross-site request forgery. Expires when the browser session ends

Both are first-party cookies set with HttpOnly, Secure, and SameSite=Lax attributes. Neither can be read by JavaScript on our pages.

3. Cookies we do not use

• No Google Analytics, Plausible, Matomo, or any other analytics tag
• No Facebook, LinkedIn, or Google advertising pixels
• No A/B testing tools, heatmaps, or session replay services
• No third-party fonts, scripts, or CDN assets (everything is self-hosted)

This is a deliberate architectural choice, not a temporary one. Our Content Security Policy blocks third-party requests entirely.

4. How to manage cookies

Because we only set strictly necessary cookies, there is no cookie banner - under current EU guidance, no consent is required for cookies that are essential to deliver a service you explicitly requested.

You can still block or delete the cookies we set from your browser settings. If you block them, you will not be able to sign in to the portal or submit forms.

5. If this changes

If we ever add a non-essential cookie or analytics category, we will do so behind an explicit consent banner and update this Policy at least 30 days before the change takes effect. We will notify existing account holders by email.

6. Contact

Cookie questions: privacy@keelr.co.