Cookies are small text files placed on your device (computer, tablet, or smartphone) by a website when you visit it. They are widely used to make websites work, to work more efficiently, and to provide information to site owners.
Cookies are not programs and cannot carry viruses or malware. They can only be read by the domain that set them (first-party cookies) or, in the case of third-party cookies, by the domain that placed them regardless of which site you are on.
Similar technologies include:
We use cookies and similar technologies to:
We do not use cookies to serve third-party advertising, build advertising profiles, or sell your data to data brokers.
We classify cookies by purpose. The categories align with the guidance of the Italian Garante and the ePrivacy Directive (2002/58/EC as amended):
Required for the Platform to function. They cannot be switched off. They do not require consent under the ePrivacy Directive and GDPR because they are set in response to actions you take (e.g., logging in, setting a language). Examples: session tokens, CSRF protection tokens, load-balancing cookies.
Enable enhanced functionality and personalisation. They may be set by us or by third-party providers whose services we have added to our pages. If you do not allow these cookies, some services may not function properly. Examples: language preference, display theme.
Allow us to count visits and measure traffic sources so we can improve the performance of the Platform. All information collected is aggregated and therefore anonymous. If you disable these cookies we will not know when you have visited. Examples: Matomo analytics.
Set through our Platform by email marketing partners. They may be used to build a profile of your interests and show you relevant messages in our emails. They do not store directly personal information but are based on uniquely identifying your browser. Consent is required. Example: Mailgun tracking pixel in emails.
The following table lists the first-party cookies and localStorage keys set by CodiceFacile:
| Name | Type | Category | Purpose | Expiry |
|---|---|---|---|---|
cf_session |
Cookie (HTTP-only, Secure) | Essential | Maintains your login session server-side. Contains a randomly generated token; no personal data is stored in the cookie itself. | 30 days (rolling) |
cf_csrf |
Cookie (SameSite=Strict) | Essential | Cross-Site Request Forgery protection token. Verified on every state-changing request. | Session |
cf_cookie_consent |
Cookie | Essential | Records your cookie consent choices so the banner is not shown on every page load. | 12 months |
cf_lang |
localStorage | Functional | Stores your selected language (EN / IT / RU) so the correct locale is applied on return visits. | Persistent (until cleared) |
cf_user_namecf_user_emailcf_user_picturecf_google_token |
localStorage | Essential | Client-side auth state: display name, email, avatar URL, and OAuth access token. Cleared on logout. | Persistent until logout |
cf_accounts |
localStorage | Essential | Demo-mode credential store. Stores email-to-name mappings for email/password accounts (no backend in current demo build). | Persistent until cleared |
_pk_id.* |
Cookie | Analytics | Matomo analytics: identifies a unique visitor. The ID is random and not linked to personal data. IP is anonymised before storage. | 13 months |
_pk_ses.* |
Cookie | Analytics | Matomo analytics: marks an active session to attribute pageviews to a single visit. | 30 minutes |
cf_ab_variant |
Cookie | Analytics | A/B test bucket assignment. Ensures you see the same variant during and across visits. Contains only a variant identifier (e.g., "A" or "B"). | 30 days |
Some cookies are placed by third-party services that appear on our pages. We have no direct control over these cookies; each third party's own privacy policy governs their use.
| Provider | Category | Purpose | Privacy policy |
|---|---|---|---|
| Google Identity Services (GIS) | Essential | Powers the "Sign in with Google" OAuth popup. Google may set cookies on accounts.google.com domain during the authentication flow. We receive only the profile data you authorise. | policies.google.com/privacy |
| Google Fonts | Functional | Loads webfonts (Playfair Display, DM Sans, DM Mono) from Google's CDN. Google may log the request including your IP address. No personal cookie is set. | policies.google.com/privacy |
| Stripe | Essential | Payment processing. Stripe sets cookies for fraud prevention and to remember payment method details on their hosted fields. Only present on checkout pages. | stripe.com/privacy |
| Mailgun | Marketing | Email delivery tracking. If you open a marketing email from us, a tracking pixel registers the open event. This can be disabled by blocking remote images in your email client. | mailgun.com/legal/privacy-policy |
We review and update this list whenever new third-party integrations are added. The most recent audit was performed on 1 January 2026.
In addition to cookies, we use the browser's localStorage API to persist certain preferences and authentication state on your device. Unlike cookies, localStorage data is never automatically sent to our servers with every request โ it is read and written exclusively by client-side JavaScript running on the Platform.
The specific localStorage keys we use are listed in the table in Section 4. You can inspect and clear localStorage at any time using your browser's developer tools:
codicefacile.it โ right-click to delete individual keys or "Clear All".codicefacile.it.codicefacile.it.We do not use IndexedDB, Web SQL, or Cache API for storing personal data.
When you first visit the Platform, a cookie consent banner allows you to accept all cookies, reject non-essential cookies, or customise your preferences by category. You can change your preferences at any time by clicking "Cookie settings" in the footer of any page.
You can configure your browser to refuse some or all cookies, or to alert you when websites set or access cookies. Note that disabling strictly necessary cookies will prevent you from logging in or using core Platform features.
Google Chrome: Settings โ Privacy and security โ Cookies and other site data โ Block third-party cookies (or "See all site data and permissions" to manage per-site).
Mozilla Firefox: Settings โ Privacy & Security โ Enhanced Tracking Protection โ Custom โ select cookie blocking level. To clear cookies: Settings โ Privacy & Security โ Cookies and Site Data โ Clear Data.
Apple Safari: Preferences โ Privacy โ "Prevent cross-site tracking" and "Block all cookies" (note: blocking all cookies may break sign-in).
Microsoft Edge: Settings โ Cookies and site permissions โ Cookies and site data โ Manage and delete cookies.
For analytics cookies specifically, Matomo respects the browser's Do Not Track signal and also provides an opt-out mechanism:
mtm_consent_removed cookie in your browser. Clearing your cookies will reset this preference โ return to the preference centre to re-apply.Disabling essential cookies will prevent you from logging in, maintaining a session, or using the code-sharing features of the Platform. Disabling functional cookies means your language preference will not be saved between visits. Disabling analytics cookies has no effect on the features you can use; we will simply have less data for product improvements.
Some browsers include a "Do Not Track" (DNT) feature that signals to websites that you do not want your browsing activity tracked. There is currently no universally accepted standard for how websites should respond to DNT signals.
However, Matomo analytics โ the only analytics tool we use โ is configured to honour DNT signals. If your browser sends a DNT header, Matomo will not track your visit. No cross-site tracking of any kind is performed by CodiceFacile regardless of DNT status.
We do not use advertising networks or retargeting services, so third-party ad tracking is not applicable to the CodiceFacile Platform.
We may update this Cookie Policy to reflect new technologies, legal requirements, or changes in our cookie usage. When we add new non-essential cookies we will update this page and, where required by the ePrivacy Directive and GDPR, seek fresh consent via the cookie preference centre.
The "Effective date" at the top of this page indicates when the policy was last revised. Material changes will be highlighted in the cookie consent banner for 30 days following the update.
If you have any questions about our use of cookies or this Cookie Policy, please contact us:
You also have the right to lodge a complaint with the Italian supervisory authority, the Garante per la protezione dei dati personali (garanteprivacy.it), if you believe that our use of cookies violates applicable data protection law.