nkovalcin
Call
← Back to nkovalcin.com
Legal · Cookie policy

Cookie policy.

At launch this site sets exactly one cookie — strictly for the admin dashboard after login. No analytics, no Google or Meta pixels, no session recording, no A/B fingerprinting for visitors. If that changes later, this page is the first thing that updates.

What we set

nk_admin_session
Strictly necessary. Iron-session encrypted login cookie for the admin area. 7-day TTL, HttpOnly, Secure in production, SameSite=Lax. Only set after Norbert logs in. Does not get set for any public visitor.

Under the ePrivacy Directive (2002/58/EC) strictly-necessary cookies don't require prior consent — they're the technical minimum to operate the service for the logged-in administrator. We still disclose it here so the policy is complete.

What we explicitly don't set

  • No Google Analytics / GA4. No _ga, _gid, _gat, or Google Ads identifiers.
  • No Meta / Facebook Pixel. No _fbp, fr.
  • No Vercel Analytics / Speed Insights in the default build. (Can be enabled with documented consent gating if needed.)
  • No session replay / heatmap tools. No Hotjar, FullStory, LogRocket, Microsoft Clarity.
  • No retargeting pixels. No LinkedIn Insight Tag, Reddit Pixel, TikTok Pixel.
  • No third-party fonts loading from CDN. Fonts (Outfit + Monaspace Neon) are self-hosted via next/font/google and next/font/local at build time — no runtime request to Google's or any other font servers, no IP logged there.

Third-party embeds

Currently zero. No YouTube players, no Vimeo, no Twitter embeds, no Calendly. Discovery-call booking is native — slots live in our own Postgres, the Book a call CTA opens an in-page widget, no third-party script runs and no cookies are set by the booking flow.

Conseto analytics

Conseto is my own first-party analytics product, EU-hosted, with consent-mode baked in by construction. It runs on the public side of this site (<code>/en/*</code> and <code>/sk/*</code>) — a consent banner is shown before any cookie or localStorage key is written. The admin section (<code>/admin/*</code>) is outside the tracking scope.

Opting out

A consent banner is shown before any analytics cookie is written — declining means zero tracking. To revoke an already-given consent, open dev tools: localStorage.removeItem('cs_consent') and reload. Admin session cookie can be cleared in Application → Cookies → nkovalcin.com at any time.

Last updated 2026-04-23Audit scope · full site / no analytics