DreamCI · Legal

Cookie Policy

Last updated: 2026-05-22

This page lists every cookie the DreamCI Service may set on your device and the purpose each one serves. DreamCI does not use advertising or third-party tracking cookies.

1. Strictly necessary cookies

Set without consent because they are required for the Service to function (Recital 30 GDPR; PECR Reg. 6(4)(b)).

NamePurposeLifetime
dreamci_sessionHolds the opaque session token after sign-in. HttpOnly, Secure, SameSite=Lax.30 days
dreamci_csrfDouble-submit CSRF token; required to authorise state-changing requests. Not HttpOnly so the SPA can echo it back. SameSite=Strict.30 days
dreamci_oidc_state, dreamci_oidc_verifier, dreamci_oidc_nonceShort-lived OIDC PKCE / anti-CSRF cookies set during the login redirect. Cleared at callback.10 minutes
dreamci_cookie_consentRecords your cookie banner choice so we don’t show the banner again.1 year
dreamci-ui-themeStored in localStorage, not a cookie. Persists your light/dark theme preference.Until cleared

2. Analytics

We currently do not run analytics or behavioural tracking. If we add an analytics cookie in the future it will only run after you opt in via the cookie banner or this preferences page.

3. Advertising

DreamCI does not run advertising and does not set advertising cookies. We do not sell or share personal data for cross-context behavioural advertising (CCPA / CPRA § 1798.140(ah)).

4. Update your preferences

Cookie preferences

Current setting: not chosen

Necessary cookies cannot be disabled — they keep you signed in and guard against CSRF. We do not run advertising or behavioural tracking.

5. Contact

Questions about cookies: {{DPO_EMAIL}}.