Cookie Policy

Last Updated: June 2026 | Version: v2.4-phase 2

1. What Are Cookies?

Cookies are small text files stored on your device to enable functionality, analyse usage, and deliver marketing. We also use similar technologies such as web beacons and local storage where necessary to provide our services.

2. How We Use Cookies

We use cookies strictly within the following categories. No cookie or tracking mechanism is used to enumerate system topology, probe internal infrastructure, or map non-public endpoints:

  • Strictly Necessary (Functional): Required for authentication, session management, and platform operation. These cannot be disabled.
  • Analytics: Anonymous, aggregated usage data only. No individual user tracking or session replay.
  • Marketing: Set only with your explicit consent via our cookie banner.

All cookies and similar technologies are confined to their documented purpose. We do not use tracking mechanisms for unauthorised system discovery, fingerprinting of non-public infrastructure, or any purpose that would compromise platform security.

3. Consent and Control

  • Strictly Necessary: Set without consent — essential for platform function and security.
  • Non-Essential (Analytics, Marketing): Require your explicit consent via our cookie banner. You may withdraw consent at any time.
  • You may also manage cookies through your browser settings.

4. Security and Integrity

We design our cookie and tracking usage to protect both your privacy and our platform security:

  • No cookie reveals internal system architecture, resource naming conventions, or non-public endpoint paths.
  • All cookies are scoped to the minimum domain and path required for their function.
  • Session cookies use HttpOnly and Secure flags where applicable to prevent client-side script access.
  • We do not permit third-party scripts to set cookies that could be used to map our infrastructure or probe for vulnerabilities.

5. Third-Party Services

We engage limited third-party sub-processors who may set their own cookies or similar technologies. Each is contractually bound to use them only for their stated service purpose and not for independent data collection or infrastructure probing. For a list of sub-processors, see our DPA Template.

6. Managing Cookies

You can manage cookie preferences:

  • Through our Cookie Consent Banner on your first visit (and any time via the banner)
  • Through your browser settings (block or delete cookies)
  • Via your account settings (if logged in)

7. Changes to This Policy

We may update this policy; the latest version will be posted on our site. Material changes will be notified via email or platform notice.

8. Contact

For questions, email: admin@compliance-engine.io

Data Protection Officer: dpo@compliance-engine.io