This page lists every category of cookie this Website can set and what each does. Default-deny applies: nothing beyond strictly-necessary cookies runs until you click Accept (or toggle a category on in the Manage panel) on the cookie banner.
Open the banner anytime via the "Cookie preferences" link in the footer of any page. Your choice persists in xeeed_cookie_consent for 12 months and you can withdraw or change it whenever you like. This page is aligned to the Digital Personal Data Protection Act 2023 (India), the EU GDPR, the UK GDPR, and the CCPA / CPRA opt-out expectations for California residents.
Strictly necessary
These run for everyone. Without them sign-in, captcha, and form submissions break. They cannot be turned off.
- Sign-in session. Keeps Xeeed IO administrators signed in to the admin area. Cookie name: payload-token. HttpOnly, expires when the browser session ends.
- Form security. Prevents cross-site form-submission attacks (CSRF). Generated per request, not stored long-term.
- Bot mitigation and captcha. Keeps the captcha working when you submit a public form. Set by Cloudflare during captcha solve. Cookies: cf_bm and Turnstile state. Lasts 30 minutes.
- Your cookie choice. Remembers which cookie categories you accepted so the banner does not re-appear on every page. Cookie name: xeeed_cookie_consent. Lasts 12 months. SameSite=Lax, Secure on HTTPS.
Analytics · opt-in
Off by default. Toggle on from the banner if you would like to help us see which pages help or hinder visitors. Aggregate counts only; never sold, never combined with personal identifiers.
- Google Analytics 4. Anonymous page-view counts. Cookie names: _ga and _ga_* (per-property). Lasts 13 months. IP anonymisation enabled at config time.
- Plausible (when enabled). Cookieless first-party analytics. No individual storage; aggregate counts only.
Marketing · opt-in
Off by default. Reserved in case we add LinkedIn / X conversion pixels in the future for outbound campaigns. Toggle off to opt out preemptively. Currently this category sets nothing.
Always-on, cookieless
A first-party page-view beacon hits /api/page-views with the path you visited and a timestamp. It writes one aggregate (path, day, count) row per day per path; no cookie is set, no IP is stored against the row. This is anonymous statistical processing under DPDP / GDPR Recital 26 and runs regardless of your cookie choice. Disclosed here for transparency.
What we never use
- No third-party advertising cookies.
- No cross-site tracking pixels.
- No browser fingerprinting.
- No data sale or onward transfer to data brokers.
- No sharing of personal information for cross-context behavioural advertising under the CCPA / CPRA.
Sub-processors
A short list of categories of vendors that may receive personal data is disclosed in our Privacy Policy at /privacy. The vendors that process the cookies above today are identified inline (Cloudflare for bot-mitigation cookies, Google for GA4 if you opt in to analytics).
Withdraw or change your choice
Click the "Cookie preferences" link in the footer of any page to re-open the consent banner. "Reject all" is presented with equal prominence to "Accept all" in the banner; you can change your choice category by category from the Manage panel.
For data-subject requests under DPDP Act 2023 / GDPR / UK GDPR / CCPA / CPRA, submit a request through our contact form at https://www.xeeed.io/contact and select "Privacy / data request" as the topic. We acknowledge within 7 days and respond substantively within 30 days.