
Cookie Policy

We audit other people's cookies for a living, so we've kept our own to the absolute minimum. This page lists every single thing we store on your device.

Last updated 26 May 2026 · No third-party trackers

What cookies are

Cookies are tiny text files a website asks your browser to keep, then reads back on the next page-load. They're what lets a site remember you're logged in, or remember which language you prefer.

Cookies are not inherently bad. The problem is when they're set without consent for tracking — that's exactly what we built ComplianceMonitor.io to detect on other sites. We are very serious about not doing it on ours.

Strictly necessary cookies

Our marketing site (compliancemonitor.io) sets no cookies of any kind. None. Open your browser's DevTools — Application → Cookies — and you'll find the list empty.

The dashboard (app.compliancemonitor.io) is a different story — it has to remember you're signed in. It sets exactly two cookies, both classified as strictly necessary under ePrivacy Directive Art. 5(3), meaning they do not require consent.

Name | Purpose | Lifetime | Attributes
cm_session | Keeps you signed in to the dashboard. | Session — deleted when you close the browser | HttpOnly · Secure · SameSite=Lax
cm_csrf | Protects against cross-site request forgery. | Session — deleted when you close the browser | Secure · SameSite=Strict

That's the complete list. If you ever audit our domains with ComplianceMonitor.io itself — please do — these are the only cookies you'll find, and they'll be on the strictly-necessary list.

Local storage we use

In addition to cookies, the marketing site uses your browser's localStorage to remember small, non-identifying preferences. Nothing here is sent to our servers.

Key | Stores | Why
cm_lang | One of: en, el | Remembers your chosen language across visits

Third-party cookies

There are none. We use no Google Analytics, no Meta Pixel, no Hotjar, no Intercom widget, no LinkedIn Insight Tag, no Microsoft Clarity. If we ever add an analytics tool, it will be a self-hosted, privacy-respecting one (Plausible or similar) and we will update this page and the Privacy Policy before it goes live.

The compliance badge we host on cdn.compliancemonitor.io is a static SVG image. It sets no cookies and runs no JavaScript on pages that embed it.

Managing & deleting cookies

You can delete any cookie at any time, and configure your browser to block them altogether. Blocking cm_session and cm_csrf will prevent you from signing in to the dashboard, but won't affect anything on the marketing site.

Direct links to instructions for the major browsers:

Changes to this policy

If we ever add a new cookie, change the purpose of an existing one or introduce any form of analytics, we will update this page at least 30 days in advance. The date at the top of the page is always current.

Contact

If you spot a cookie on our site that isn't listed here, that's a bug. Please tell us: