Colistor

Cookie Policy

Last Updated: November 1, 2025

1. Introduction

This Cookie Policy explains how Colistor ("the Service") uses cookies and similar technologies. Since this is a self-hosted application, you control what cookies are used and how they are configured.

2. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember information about your visit, making your next visit easier and the site more useful to you.

3. How We Use Cookies

The Service uses cookies for the following purposes:

3.1 Essential Cookies (Strictly Necessary)

These cookies are required for the Service to function and cannot be disabled:

Session Management

  • Purpose: Authenticate users and maintain login sessions
  • Type: Session cookie (deleted when browser closes)
  • Name: `quarkus-session-id` (or similar)
  • Data Stored: Session identifier (no personal data)
  • Legal Basis: Necessary for contract performance (GDPR Article 6(1)(b))

Security

  • Purpose: Prevent Cross-Site Request Forgery (CSRF) attacks
  • Type: Session cookie
  • Name: `csrf-token` (if implemented)
  • Data Stored: Random security token
  • Legal Basis: Legitimate interest in security (GDPR Article 6(1)(f))

3.2 Functional Cookies (Optional)

These cookies enhance functionality and can be disabled:

User Preferences

  • Purpose: Remember user settings and preferences
  • Type: Persistent cookie
  • Duration: 1 year (configurable)
  • Data Stored: Theme, language, display preferences
  • Legal Basis: Consent (GDPR Article 6(1)(a)) or Legitimate Interest

Remember Me

  • Purpose: Keep users logged in across browser sessions
  • Type: Persistent cookie
  • Duration: 30 days (configurable)
  • Data Stored: Encrypted authentication token
  • Legal Basis: Consent (GDPR Article 6(1)(a))

3.3 Analytics Cookies (Optional, if enabled)

If you enable analytics in your deployment:

  • Purpose: Understand how users interact with the Service
  • Type: Persistent cookie
  • Duration: Varies by configuration
  • Data Stored: Usage statistics, page views, interaction data
  • Legal Basis: Consent (GDPR Article 6(1)(a))
  • Note: Requires explicit user consent in EU/EEA and Switzerland

4. Third-Party Cookies

The Service itself does not use third-party cookies. However, if you integrate third-party services (e.g., external authentication providers, analytics services), those services may set their own cookies. You are responsible for:

  • Informing users about third-party cookies
  • Obtaining necessary consents
  • Providing links to third-party privacy policies
  • Ensuring third-party compliance with applicable laws

5. GDPR Compliance

5.1 Consent Requirements

Under the EU ePrivacy Directive and GDPR Article 6(1)(a):

  • Essential cookies: No consent required
  • Non-essential cookies: Explicit consent required before setting

5.2 Cookie Consent Implementation

Your deployment should:

  • Obtain explicit consent before setting non-essential cookies
  • Provide clear information about each cookie type
  • Allow users to accept/reject different cookie categories
  • Allow users to withdraw consent at any time
  • Keep records of consent given

5.3 Cookie Banner Requirements

If serving users in the EU/EEA, implement a cookie banner that:

  • Appears before non-essential cookies are set
  • Clearly explains what cookies are used and why
  • Provides granular control over cookie categories
  • Includes a link to this Cookie Policy
  • Allows users to reject all non-essential cookies
  • Does not use pre-ticked boxes

6. Swiss Law Compliance

Under the Swiss Federal Act on Data Protection (FADP) and the Swiss Telecommunications Act:

6.1 Information Requirements

  • Inform users about cookie usage
  • Explain purposes of data processing
  • Provide opt-out mechanisms for non-essential cookies

6.2 Consent

  • Obtain consent for non-essential cookies
  • Ensure consent is freely given, specific, and informed
  • Allow users to withdraw consent

7. Managing Cookies

7.1 Through the Service

Users can manage cookies through the Service:

1. Access cookie settings in user preferences

2. Select which types of cookies to allow

3. Save preferences (an essential cookie stores this choice)

7.2 Through Browser Settings

Users can also control cookies through their browser:

Google Chrome

1. Settings → Privacy and security → Cookies and other site data

2. Choose cookie preferences or block specific sites

Mozilla Firefox

1. Options → Privacy & Security → Cookies and Site Data

2. Configure cookie settings and exceptions

Safari

1. Preferences → Privacy → Cookies and website data

2. Choose cookie blocking level

Microsoft Edge

1. Settings → Cookies and site permissions → Cookies and site data

2. Configure cookie preferences

7.3 Clearing Cookies

To delete existing cookies:

  • Use browser settings to clear browsing data
  • Select "Cookies and other site data"
  • Note: This will log you out and reset preferences

8. Cookie List

Here is a comprehensive list of cookies that may be used:

| Cookie Name | Purpose | Type | Duration | Category |
|-------------|---------|------|----------|----------|
| `quarkus-session-id` | Session management | Session | Session | Essential |
| `csrf-token` | Security (CSRF protection) | Session | Session | Essential |
| `remember-me` | Persistent login | Persistent | 30 days | Functional |
| `user-preferences` | Store user settings | Persistent | 1 year | Functional |
| `cookie-consent` | Remember cookie preferences | Persistent | 1 year | Essential |
| `analytics-tracking` | Usage analytics (if enabled) | Persistent | Varies | Analytics |

Note: The actual cookies depend on your deployment configuration and enabled features.

9. Local Storage and Similar Technologies

In addition to cookies, the Service may use:

9.1 Local Storage

  • Purpose: Store larger amounts of data locally (e.g., offline support, caching)
  • Data Stored: Application state, cached data
  • Duration: Until manually cleared
  • Legal Basis: Same as cookies (essential vs. consent-required)

9.2 Session Storage

  • Purpose: Temporary data storage during browsing session
  • Data Stored: Temporary application state
  • Duration: Session only
  • Legal Basis: Essential for functionality

10. Do Not Track (DNT)

Some browsers offer a "Do Not Track" (DNT) signal. The Service's response to DNT:

  • The Service respects DNT signals for analytics tracking
  • Essential cookies will still be used (required for functionality)
  • You can configure your deployment's DNT handling

11. Cookie Retention

  • Session cookies: Deleted when browser closes
  • Persistent cookies: Retained until expiration or manual deletion
  • Security cookies: Rotated regularly for security

12. Updates to This Policy

This Cookie Policy may be updated to reflect:

  • Changes in cookie usage
  • New features or functionality
  • Legal or regulatory changes
  • User feedback and best practices

Check the "Last Updated" date at the top of this policy.

13. Your Rights

Under GDPR and Swiss law, you have the right to:

  • Know what cookies are being used
  • Object to non-essential cookies
  • Withdraw consent at any time
  • Access cookie-related data
  • Request deletion of cookie data

14. Contact Information

For questions about cookie usage in your specific deployment, contact your instance administrator.

For questions about this Cookie Policy template, contact Colistor through official support channels.

15. Recommendations for Administrators

If you operate a Colistor instance:

15.1 Implementation Checklist

  • [ ] Implement cookie consent mechanism
  • [ ] Create cookie banner with clear information
  • [ ] Provide granular cookie controls
  • [ ] Document all cookies used
  • [ ] Keep consent records
  • [ ] Implement cookie preference storage
  • [ ] Provide easy opt-out mechanisms
  • [ ] Regularly audit cookie usage

15.2 Best Practices

  • Minimize cookie usage
  • Use essential cookies only when truly necessary
  • Set appropriate expiration periods
  • Encrypt sensitive cookie data
  • Implement secure cookie flags (HttpOnly, Secure, SameSite)
  • Regularly review and update cookie inventory
  • Conduct privacy impact assessments

15.3 Documentation

Maintain documentation of:

  • All cookies used by your instance
  • Purpose and legal basis for each cookie
  • Data stored in cookies
  • Retention periods
  • Third-party cookies (if any)
  • Consent mechanisms implemented

16. Legal Disclaimer

This Cookie Policy is provided as a template for self-hosted deployments. Actual cookie usage and legal requirements depend on your specific deployment, configuration, and jurisdiction. Consult with legal counsel to ensure compliance with applicable laws, including:

  • EU ePrivacy Directive (Cookie Law)
  • GDPR (General Data Protection Regulation)
  • Swiss Federal Act on Data Protection (FADP)
  • Swiss Telecommunications Act
  • Other applicable local regulations

You are solely responsible for ensuring your cookie practices comply with all applicable laws in your jurisdiction and in your users' locations.