Cookie Policy

Introduction

ChronoLedger is designed to keep tracking minimal. We do not load third-party advertising or remarketing tags. We do not use Google Analytics or Google Tag Manager. We do not display a cookie banner because we do not set or rely on any non-essential cookie or similar technology that would require one under the EU ePrivacy Directive Article 5(3) or its national equivalents.

This policy explains what we do set, all of it on a first-party basis, and supplements our Privacy Policy.

First-party storage

We use a small number of strictly necessary first-party browser mechanisms:

• Authentication cookies — HttpOnly session and CSRF cookies scoped to the application domain. Required for log-in to work.
• UI preferences in localStorage — your interface theme (light / dark) and locale (English / Thai). Required for the site to render in the language and theme you have chosen on subsequent visits.

None of the above is used for cross-site tracking. None is transmitted to any third party.

Analytics

We run Plausible analytics on our own infrastructure (self-hosted on the same European data centre that hosts the rest of the Service). Plausible is a privacy-respecting alternative to Google Analytics: it uses no cookies, sets no persistent identifiers in your browser, does not track you across sites, and stores no personally identifiable information. Page-view counts are aggregated and stored on our own servers; no analytics data leaves our infrastructure.

Because our analytics meets the EDPB and CNIL guidance for consent-exempt audience measurement, no consent banner is required for it. If you object to even this minimal aggregate measurement, most modern browsers honour the Global Privacy Control (GPC) and Do Not Track signals — we honour both at the server side and exclude such requests from analytics.

No third-party tracking

We do not load Google Tag Manager, Google Analytics, Facebook Pixel, LinkedIn Insight, TikTok Pixel, Hotjar, FullStory, Microsoft Clarity, Mouseflow, Smartlook, or any equivalent third-party tracker. We do not load Google Fonts; all fonts are self-hosted from our own domain. We do not load chat widgets or support bots that set third-party cookies.

The only resources fetched from outside our domain are infrastructure providers we list on our Subprocessors page — primarily Cloudflare for edge security. No advertising or marketing tag is loaded by default; if we ever add one, we will update this page and require informed consent at that time.

Email tracking

Transactional emails (sign-up confirmations, password resets, billing notices, security alerts) are delivered by Mailgun Technologies, Inc., configured to use the EU region where available. Open-tracking pixels and click-wrapped link redirects are disabled in the sending-domain configuration. We do not embed third-party tracking pixels in our emails, and we do not send marketing email — our communications are transactional only.