No tracking. Just sessions.

1. What is a cookie

A cookie is a small text file your browser stores when you visit a website. They're used for everything from "remember my language" to "track me across 30 sites for ad targeting". We only use the boring, strictly-necessary kind.

2. What we use

Session cookie

• Name: cerberops_session
• Purpose: keeps you signed in while you use the dashboard
• Lifetime: 2 hours of inactivity, or "remember me" checkbox extends it to 30 days
• HTTP-only: yes (JavaScript can't read it)
• Secure: yes (only sent over HTTPS)
• SameSite: Lax

CSRF cookie

• Name: XSRF-TOKEN
• Purpose: protects forms from cross-site request forgery attacks
• Lifetime: same as session

Impersonation cookie (super-admin only)

• Name: impersonator_id (stored in session, not a separate cookie)
• Purpose: lets a Cerberops super-admin investigate a customer issue while preserving the ability to return to the original session in one click
• Lifetime: only while impersonation is active

3. What we don't use

• ❌ Google Analytics, Mixpanel, Segment, Amplitude, or any analytics tracker
• ❌ Advertising cookies (Google Ads, Meta Pixel, etc.)
• ❌ Heatmap / session replay tools (Hotjar, FullStory)
• ❌ Third-party A/B testing cookies
• ❌ Social media tracking pixels
• ❌ Anything that could profile you across sites

If we ever add an analytics tool, it will be self-hosted (Plausible or PostHog OSS), respect Do-Not-Track, and either work without cookies entirely or be opt-in.

4. Manage cookies

Since we only use strictly-necessary cookies, the only ways to opt out are:

• Sign out — clears the session cookie
• Browser settings — delete cookies for cerberops.io from your browser's privacy settings
• Don't use Cerberops — the application requires the session cookie to function

Questions? duty@cerberops.io