Cookie Policy

Cookies are small text files stored by a browser at the request of a website or service provider. They can be used for many purposes, including session management, security, analytics, advertising, personalization, and remembering user preferences. Some cookies are necessary for a service to function safely, while others are optional and require consent under European privacy and ePrivacy rules.

CESIOME is built around a data-minimal philosophy. The service does not require accounts, behavioral advertising, social media tracking, or analytics profiles to deliver a symbolic digital certificate. For that reason, CESIOME avoids optional cookies and uses only the strictly necessary security cookie described below.

Cookie minimization also reduces the need for intrusive consent banners. CESIOME does not want users to choose between accepting tracking and using the product. The current approach is to keep the security layer necessary for availability and abuse prevention while avoiding optional measurement or advertising technologies entirely.

The only cookie used by CESIOME is __cf_bm. Its provider is Cloudflare Inc, United States. Its purpose is bot management and automated abuse prevention, including distinguishing ordinary browser traffic from automated requests that could overload the service, abuse moderation endpoints, attack the Reserved Entity intake flow, or interfere with certificate delivery.

• Name: __cf_bm.
• Provider: Cloudflare Inc, United States.
• Purpose: bot management and automated abuse prevention.
• Duration: 30 minutes TTL, refreshed on activity.
• Category: Strictly Necessary.
• Legal basis: Article 6(1)(f) GDPR legitimate interest in service security, plus the ePrivacy Directive Article 5(3) strictly necessary exemption, so no consent banner is required.
• Cross-border transfer: yes, Cloudflare operates a global network; Standard Contractual Clauses under Article 46(2)(c) GDPR apply.
• Can be disabled: yes, through browser privacy settings, but doing so may impair bot protection and service accessibility.

CESIOME does not currently use analytics cookies, marketing cookies, profiling cookies, social media tracking pixels, third-party advertising trackers, retargeting tags, affiliate tracking cookies, or behavioral measurement cookies. CESIOME does not use Google Analytics, Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, or comparable advertising technologies in the current service.

If privacy-focused analytics such as Plausible Analytics or Fathom Analytics are introduced in the future, this Cookie Policy will be updated first. Where consent is legally required, CESIOME will request it before setting non-essential cookies or comparable tracking technologies.

CESIOME also does not use local storage, session storage, or browser fingerprinting as a substitute for marketing cookies. Security providers may process technical signals to detect automated abuse, but CESIOME does not configure those signals for advertising profiles.

Most browsers allow users to manage, delete, restrict, or block cookies through privacy or security settings. Browser controls may apply to all websites, to specific websites, or to particular cookie categories depending on the browser. Users can also clear existing cookies and configure stricter defaults for future visits.

Blocking strictly necessary cookies can affect service functionality. For CESIOME, blocking __cf_bm may cause Cloudflare bot management to challenge, delay, or deny requests that cannot be distinguished from automated traffic. CESIOME cannot guarantee that all features will remain accessible if security cookies are blocked.

CESIOME may update this Cookie Policy if its cookie use, CDN configuration, analytics posture, hosting setup, or legal obligations change. The "Last updated" date at the top of this page identifies the current version. Material changes will be reflected before new optional cookies are introduced where practical.

Questions about cookies or related privacy controls can be sent to cesiome@pm.me.