Cookie Policy
We audit other people's cookies for a living, so we've kept our own to the absolute minimum. This page lists every single thing we store on your device.
Last updated 26 May 2026 · No third-party trackers
What cookies are
Cookies are tiny text files a website asks your browser to keep, then reads back on the next page-load. They're what lets a site remember you're logged in, or remember which language you prefer.
Cookies are not inherently bad. The problem is when they're set without consent for tracking — that's exactly what we built ComplianceMonitor.io to detect on other sites. We are very serious about not doing it on ours.
Strictly necessary cookies
Our marketing site (compliancemonitor.io) sets no cookies of any kind. None. Open your browser's DevTools — Application → Cookies — and you'll find the list empty.
The dashboard (app.compliancemonitor.io) is a different story — it has to remember you're signed in. It sets exactly two cookies, both classified as strictly necessary under ePrivacy Directive Art. 5(3), meaning they do not require consent.
| Name | Purpose | Lifetime | Attributes |
|---|---|---|---|
cm_session | Keeps you signed in to the dashboard. | Session — deleted when you close the browser | HttpOnly · Secure · SameSite=Lax |
cm_csrf | Protects against cross-site request forgery. | Session — deleted when you close the browser | Secure · SameSite=Strict |
That's the complete list. If you ever audit our domains with ComplianceMonitor.io itself — please do — these are the only cookies you'll find, and they'll be on the strictly-necessary list.
Local storage we use
In addition to cookies, the marketing site uses your browser's localStorage to remember small, non-identifying preferences. Nothing here is sent to our servers.
| Key | Stores | Why |
|---|---|---|
cm_lang | One of: en, el | Remembers your chosen language across visits |
Third-party cookies
There are none. We use no Google Analytics, no Meta Pixel, no Hotjar, no Intercom widget, no LinkedIn Insight Tag, no Microsoft Clarity. If we ever add an analytics tool, it will be a self-hosted, privacy-respecting one (Plausible or similar) and we will update this page and the Privacy Policy before it goes live.
The compliance badge we host on cdn.compliancemonitor.io is a static SVG image. It sets no cookies and runs no JavaScript on pages that embed it.
Managing & deleting cookies
You can delete any cookie at any time, and configure your browser to block them altogether. Blocking cm_session and cm_csrf will prevent you from signing in to the dashboard, but won't affect anything on the marketing site.
Direct links to instructions for the major browsers:
Changes to this policy
If we ever add a new cookie, change the purpose of an existing one or introduce any form of analytics, we will update this page at least 30 days in advance. The date at the top of the page is always current.
Contact
If you spot a cookie on our site that isn't listed here, that's a bug. Please tell us:
- Email: hello@compliancemonitor.io