Cookies are small text files stored on your device when you visit a
website. They serve various purposes such as keeping you logged in,
remembering preferences, and protecting against cross-site attacks.
Not all cookies are the same. Functional cookies are
strictly necessary for a website to work properly. Tracking cookies follow your behavior across websites for advertising
purposes. These two categories are treated very differently under Dutch and
European law.
2. Cookies we use
deploybase uses only functional cookies that are strictly necessary
for the platform to work. We use the minimum number of cookies required.
| Cookie | Purpose | Type | Duration |
|---|---|---|---|
| authjs.session-token | Keeps you logged in. Contains your encrypted session so you don't have to sign in on every page. | Functional | 24 hours |
| authjs.csrf-token | Protects against cross-site request forgery (CSRF) attacks. Ensures that form submissions come from our site, not a malicious third party. | Functional | Session |
| authjs.callback-url | Temporarily stores the page you were visiting before logging in, so you can be redirected back after authentication. | Functional | Session |
| authjs.pkce.code_verifier | Used during sign-in to secure the authentication exchange (PKCE). Prevents authorization code interception attacks. | Functional | Session |
| authjs.state | Protects the sign-in flow against cross-site request forgery by verifying the authentication response matches the original request. | Functional | Session |
| authjs.nonce | Ensures the identity token received after sign-in was issued specifically for this authentication request. Prevents replay attacks. | Functional | Session |
All cookies are HttpOnly (not accessible to JavaScript), Secure (only sent over HTTPS), and SameSite (not sent with cross-site requests). These
settings provide the strongest protection against cookie theft and
cross-site attacks. In production, cookies are prefixed with __Secure- (e.g., __Secure-authjs.session-token) to enforce the browser's
HTTPS-only constraint at the cookie name level.
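The attributes described above can be checked from the `Set-Cookie` response headers. The following is an added example, not code from deploybase or Auth.js; the function names and the sample headers are constructed for illustration.

```javascript
// Audit Set-Cookie header values for HttpOnly, Secure, SameSite and, in
// production, the __Secure- name prefix. All names here are hypothetical.
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(';');
  const name = pair.slice(0, pair.indexOf('=')).trim();
  const attrs = new Map();
  for (const part of attrParts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    if (key) attrs.set(key, i === -1 ? '' : part.slice(i + 1).trim());
  }
  return { name, attrs };
}

function auditSetCookie(header, { production = true } = {}) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.has('httponly')) findings.push('missing HttpOnly');
  if (!attrs.has('secure')) findings.push('missing Secure');
  const sameSite = (attrs.get('samesite') || '').toLowerCase();
  if (!['lax', 'strict', 'none'].includes(sameSite)) {
    findings.push('missing or invalid SameSite');
  } else if (sameSite === 'none') {
    findings.push('SameSite=None allows cross-site sending');
  }
  if (production && !name.startsWith('__Secure-')) {
    findings.push('name lacks __Secure- prefix');
  }
  // Browsers refuse to store a __Secure- cookie that is not marked Secure.
  if (name.startsWith('__Secure-') && !attrs.has('secure')) {
    findings.push('__Secure- prefix without Secure: browser will drop it');
  }
  return { name, findings };
}

// Constructed sample headers (values are placeholders, not real tokens).
const samples = [
  '__Secure-authjs.session-token=PLACEHOLDER; Path=/; HttpOnly; Secure; SameSite=Lax',
  'authjs.csrf-token=PLACEHOLDER; Path=/; HttpOnly; SameSite=Lax',
  '__Secure-authjs.state=PLACEHOLDER; Path=/; HttpOnly; SameSite=None',
];

const auditAll = (headers) => headers.map((h) => auditSetCookie(h));

auditAll(samples).forEach((r) =>
  console.log(r.name, r.findings.length ? r.findings.join('; ') : 'ok'));
```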
3. No tracking cookies
deploybase does not use:
Advertising or marketing cookies
Third-party analytics that track individual users
Social media tracking pixels
Fingerprinting or any other cross-site tracking technology
Because we only use functional cookies, no cookie consent banner is required under the Dutch Telecommunicatiewet and the ePrivacy Directive. You do not need
to accept or reject cookies to use deploybase.
4. Third-party cookies
deploybase does not load any third-party scripts that set cookies. Our
authentication provider (Zitadel) is self-hosted on our own
infrastructure, so no cookies are shared with external identity providers.
Sites hosted on deploybase (*.sites.deploybase.eu) are served
via Bunny.net CDN. Bunny.net does not set tracking cookies on
CDN-delivered content.
5. Managing cookies
You can delete or block cookies through your browser settings. However,
because our cookies are strictly functional, disabling them will prevent
you from logging in and using the platform.
Most browsers allow you to manage cookies through:
Settings → Privacy & Security → Cookies (varies by browser)
Developer Tools → Application → Cookies to inspect individual cookies
6. Legal basis
Under Article 11.7a of the Dutch Telecommunicatiewet (implementing the EU
ePrivacy Directive), cookies that are strictly necessary for a service explicitly requested by the user are exempt from the consent requirement.
All cookies used by deploybase fall under this exemption. They are
necessary for authentication and security — core functions that you
explicitly request when you sign in.
For more details on how we handle your personal data, see our Privacy Policy.
7. Changes to this policy
If we start using non-functional cookies in the future, we will update
this policy and implement a cookie consent mechanism that meets the
requirements of the Telecommunicatiewet and GDPR. You would be asked for
explicit consent before any non-essential cookies are placed.