DreamCI · Legal
Cookie Policy
Last updated: 2026-05-22
This page lists every cookie the DreamCI Service may set on your device and the purpose each one serves. DreamCI does not use advertising or third-party tracking cookies.
1. Strictly necessary cookies
Set without consent because they are required for the Service to function (Recital 30 GDPR; PECR Reg. 6(4)(b)).
| Name | Purpose | Lifetime |
|---|---|---|
dreamci_session | Holds the opaque session token after sign-in. HttpOnly, Secure, SameSite=Lax. | 30 days |
dreamci_csrf | Double-submit CSRF token; required to authorise state-changing requests. Not HttpOnly so the SPA can echo it back. SameSite=Strict. | 30 days |
dreamci_oidc_state, dreamci_oidc_verifier, dreamci_oidc_nonce | Short-lived OIDC PKCE / anti-CSRF cookies set during the login redirect. Cleared at callback. | 10 minutes |
dreamci_cookie_consent | Records your cookie banner choice so we don’t show the banner again. | 1 year |
dreamci-ui-theme | Stored in localStorage, not a cookie. Persists your light/dark theme preference. | Until cleared |
2. Analytics
We currently do not run analytics or behavioural tracking. If we add an analytics cookie in the future it will only run after you opt in via the cookie banner or this preferences page.
3. Advertising
DreamCI does not run advertising and does not set advertising cookies. We do not sell or share personal data for cross-context behavioural advertising (CCPA / CPRA § 1798.140(ah)).
4. Update your preferences
Cookie preferences
Current setting: not chosenNecessary cookies cannot be disabled — they keep you signed in and guard against CSRF. We do not run advertising or behavioural tracking.
5. Contact
Questions about cookies: {{DPO_EMAIL}}.