Skip to content
CODELAB

Cookie Info.

What this site stores in your browser — and what it doesn't.

tl;dr

This website does not use tracking cookies. Our analytics tool is cookieless and privacy-first. No cookie consent banner is needed because we don't set any non-essential cookies.

// analytics

Privacy-First Analytics

We use Umami, a self-hosted, open-source analytics platform. Umami is designed to be privacy-respecting by default:

  • Does not use cookies
  • Does not collect any personally identifiable information (PII)
  • Does not track users across websites
  • All data is aggregated — no individual user profiles are created
  • Self-hosted on our own infrastructure — no data leaves our servers
  • Compliant with GDPR, CCPA, and PECR without a consent banner

Umami only collects anonymous usage data such as page views, referrer URLs, browser type, operating system, and device type. This data is used to understand general traffic patterns and improve the website.

// cookies

Cookies Used

CookieTypePurposeDuration
No cookies are currently set by this website.

If we ever introduce cookies (e.g., for session management or enhanced features), this page will be updated and, where required, a consent mechanism will be provided.

// browser storage

Local Storage & Session Data

The chat assistant uses in-memory React state to maintain your conversation during the current session. This data is not saved to localStorage, sessionStorage, or any other persistent browser storage. Refreshing the page clears all conversation data.

The service worker caches static assets (HTML, CSS, JavaScript) for offline support. This is a standard PWA feature and does not involve personal data.

// compliance

GDPR, DORA & Data Protection

GDPR (General Data Protection Regulation): This website is fully compliant with GDPR requirements. We follow data minimization principles — collecting only what's necessary, storing it securely, and processing it lawfully. Since we don't use tracking cookies or collect personally identifiable information through analytics, no consent mechanism is required under Article 6(1)(f) (legitimate interest).

DORA (Digital Operational Resilience Act): While DORA primarily targets financial entities, its principles inform our infrastructure approach. We maintain operational resilience through:

  • Self-hosted analytics — no dependence on third-party SaaS for critical data
  • Documented backup and recovery procedures
  • Containerized architecture for rapid incident recovery
  • PostgreSQL replication for data durability
  • Monitoring and alerting for service health
  • Version control and reproducible deployments

Your rights: Under GDPR, you have the right to access, rectify, erase, restrict processing, and port your data. Since we collect minimal data, these rights primarily apply to contact form submissions. Contact us at hello@codelab.nl to exercise any of these rights.

// third-party

Third-Party Scripts

We do not load any third-party tracking scripts, social media widgets, or advertising frameworks. The only external resource loaded is Google Fonts (Geist font family), which is subject to Google's privacy policy.

For more details on how we handle your data, see our Privacy Policy.