nkovalcin
Book a call
← Back to nkovalcin.com
Legal · Cookie policy

Cookie policy.

At launch this site sets exactly one cookie — strictly for the admin dashboard after login. No analytics, no Google or Meta pixels, no session recording, no A/B fingerprinting for visitors. If that changes later, this page is the first thing that updates.

What we set

nk_admin_session
Strictly necessary. Iron-session encrypted login cookie for /admin. 7-day TTL, HttpOnly, Secure in production, SameSite=Lax. Only set after Norbert logs in. Does not get set for any public visitor.

Under the ePrivacy Directive (2002/58/EC) strictly-necessary cookies don't require prior consent — they're the technical minimum to operate the service for the logged-in administrator. We still disclose it here so the policy is complete.

What we explicitly don't set

  • No Google Analytics / GA4. No _ga, _gid, _gat, or Google Ads identifiers.
  • No Meta / Facebook Pixel. No _fbp, fr.
  • No Vercel Analytics / Speed Insights in the default build. (Can be enabled with documented consent gating if needed.)
  • No session replay / heatmap tools. No Hotjar, FullStory, LogRocket, Microsoft Clarity.
  • No retargeting pixels. No LinkedIn Insight Tag, Reddit Pixel, TikTok Pixel.
  • No third-party fonts loading from CDN. Fonts (Outfit + Monaspace Neon) are self-hosted via next/font/google and next/font/local at build time — no runtime request to Google's or any other font servers, no IP logged there.

Third-party embeds

Currently zero. No YouTube players, no Vimeo, no Twitter embeds, no Calendly. Discovery-call booking is native — slots live in our own Postgres, the Book a call CTA opens an in-page widget, no third-party script runs and no cookies are set by the booking flow.

If Conseto analytics is added later

Conseto is my own first-party analytics product, EU-hosted, with consent-mode baked in by construction. If/when it's deployed on this site, this page will list the exact cookies (or localStorage keys) it uses, and a consent banner will be introduced at the same commit. No surprise drops.

Opting out

Nothing to opt out of for public visitors today. If analytics cookies get added later, you'll see a consent dialog before any cookie is set. Admin session cookie can be cleared in your browser's dev tools (Application → Cookies → localhost or nkovalcin.com) at any time.

Last updated 2026-04-23Audit scope · full site / no analytics