Skip to main content
FlintmereRun a free scan →

Cookies

Almost none. On purpose.

In plain English

The marketing site at flintmere.com sets no cookies. The scanner at audit.flintmere.com sets one functional cookie for CSRF protection. The Shopify app uses Shopify’s session cookie, scoped to the embedded admin. We do not use any third-party tracking, advertising, or cross-site analytics cookies, anywhere.

Last updated:

What is a cookie

A cookie is a small text file stored by your browser when you visit a website. We also group browser localStorage and server-issued session tokens under this policy, because privacy-wise they do the same thing.

Cookies on flintmere.com (marketing)

The marketing site sets no cookies. No analytics, no ad pixels, no A/B testing, no session storage. You can confirm this in your browser dev tools. If we ever add a strictly necessary cookie (for example, to remember a banner dismissal), we’ll update this page first.

Cookies on audit.flintmere.com (scanner)

The public scanner sets exactly one cookie:

Name

flintmere_csrf

Purpose

CSRF protection on the scan form and email submission.

Category

Strictly necessary (no consent required under PECR / UK GDPR).

Lifetime

Session (cleared when you close the tab).

Attributes

HttpOnly, Secure, SameSite=Lax

We do not set analytics or tracking cookies on the scanner. Scan results are stored server-side, indexed by a short random ID — that ID lives in the URL, not in a cookie.

Cookies in the Shopify app (app.flintmere.com)

The embedded Shopify app relies on Shopify’s own session token (issued by Shopify Admin) to authenticate requests. This is scoped to the Shopify admin and is not accessible from our marketing or scanner surfaces.

For product analytics we use Plausible (EU, cookieless). No cookies are set, no cross-site tracking is performed, no IPs are stored. Per ADR 0013.

What we do not use

  • No Google Analytics, Google Tag Manager, or Google Ads pixels
  • No Meta / Facebook pixel
  • No LinkedIn, TikTok, X, or Reddit pixels
  • No A/B testing or session-replay tools on the marketing site or scanner
  • No third-party chat widgets that set cookies
  • No fingerprinting or “cookieless” tracking workarounds

How to control cookies

The single functional cookie is required for the scanner to function. You can block all cookies in your browser settings, but the scanner form will refuse to submit. For any future non-essential cookie (we have none today), we will present a consent banner and honour GPC (Global Privacy Control) signals.

Questions

Write to privacy@flintmere.com if you find a cookie not listed here — it would be a bug.