Cookie Policy
Last updated: May 3, 2026 — Google Analytics 4 (web) is now active. Visitors who grant analytics consent will have aggregated, IP-anonymised usage data sent to Google. Disclosure was already in place; status of the row in § 3 below changed from “Conditional” to “Active (with consent)”. Meta Pixel remains conditional pending its own activation.
This Cookie Policy explains what cookies and similar technologies are, how elynd.app (“the Site”) uses them, and what choices you have. It supplements our Privacy Policy. Comads OÜ (registry code 17276947), based at Ahtri St. 12, 15551 Tallinn, Estonia, is the data controller.
Your choice, any time. You can review or change your cookie preferences whenever you like. Analytics and marketing cookies are disabled by default and only run if you explicitly grant consent.
1. What are cookies?
A cookie is a small text file placed on your device by the websites you visit. Similar technologies include web beacons, pixels, and browser storage mechanisms such as localStorage and sessionStorage. In this policy, “cookies” refers to all of these.
2. Cookie categories we use
We group cookies into three categories. Your consent for analytics and marketing cookies is recorded in your browser’s localStorage (key elynd_cookie_consent_v1). Changing your choice takes effect immediately on your next page view.
2.1 Strictly necessary Always active
Cookies required for core functionality, such as authentication, CSRF protection, and remembering your cookie choices. Under the EU ePrivacy Directive, these do not require consent and cannot be disabled without breaking the Site.
2.2 Analytics Opt-in
Cookies that help us understand how visitors use the Site so we can improve it. Data is aggregated and is not used for advertising. Disabled by default — only active with your consent.
2.3 Marketing Opt-in
Cookies that let us measure the effectiveness of ads and reach audiences on other platforms. Disabled by default — only active with your consent.
3. Cookies we may set
The table below lists every cookie or browser-storage item the Site may set. “Active” means the cookie is in use today; “Conditional” means the cookie is only set if the corresponding vendor is enabled by us AND you have granted the matching consent category.
| Name | Provider / Category | Purpose & retention | Status |
|---|---|---|---|
csrftoken |
elynd.app Strictly necessary |
Set by Django to protect against Cross-Site Request Forgery attacks on form submissions (for example, the admin login form). Set only when a page includes a CSRF-protected form. Typically retained for 1 year. | Active |
sessionid |
elynd.app Strictly necessary |
Set by Django when you sign in to an account-bearing area of the Site (primarily the admin panel). Keeps you authenticated across page loads. Retained for the session, or up to 2 weeks if “remember me” is used. | Active |
elynd_cookie_consent_v1 |
elynd.app Strictly necessary localStorage |
A JSON object stored in your browser’s localStorage (not as an HTTP cookie) recording which cookie categories you have consented to, the timestamp of your choice, and the policy version. Clearing your browser storage will reset your choice and cause the banner to reappear. | Active |
_ga, _ga_<ID> |
Google LLC (Google Analytics 4) Analytics |
Used by Google Analytics to distinguish visitors and sessions so we can see aggregate usage trends (pages viewed, session duration, country). IPs are anonymised (last octet masked) and Google advertising features are disabled. Retained for up to 2 years. | Active (with consent) |
_fbp, _fbc |
Meta Platforms, Inc. (Meta Pixel) Marketing |
Used by the Meta Pixel (Facebook / Instagram) to measure ad effectiveness, attribute conversions, and build audiences. Retained for up to 90 days (_fbp) / until overwritten (_fbc). |
Conditional — not yet enabled |
What “Conditional — not yet enabled” means. We have the infrastructure to run the Meta Pixel in a consent-compliant way (it only fires after you grant the marketing category), but the vendor IDs are not populated in our production environment as of the “Last updated” date above. So even a visitor who clicks “Accept all” does not trigger Meta until we flip it on. When we do, we will update the status column on this page. Google Analytics 4 was previously listed as Conditional and is now Active — see § 3 above for the current status pill.
4. Third-party data transfers when you visit the Site
Visiting a web page always means your browser connects to the servers hosting that page’s resources. On elynd.app:
- Google Fonts (
fonts.googleapis.com,fonts.gstatic.com) — we use the Poppins font, served from Google’s CDN. Google does not set cookies for font requests, but your IP address is transmitted to Google as part of the HTTP connection. If you prefer we self-host the font to avoid any transfer to Google, please contact us. - Google Analytics (conditional) — if enabled and you grant analytics consent, anonymised usage data is sent to Google.
- Meta Pixel (conditional) — if enabled and you grant marketing consent, pageview and conversion events are sent to Meta.
The full list of vendors that process personal data on our behalf, including the legal transfer mechanism (SCCs, EU-U.S. Data Privacy Framework), is published on our Sub-processors page.
5. How we obtain and remember consent
When you first visit, our banner gives you three options:
- Accept all — enables analytics and marketing cookies.
- Reject all — keeps only strictly necessary cookies active.
- Customize — lets you toggle analytics and marketing independently.
Your choice is recorded in the elynd_cookie_consent_v1 localStorage item described above. Revisiting the Site does not show the banner again until you clear your browser storage or we publish a new version of this policy requiring fresh consent.
We use Google’s Consent Mode v2 for Google Analytics, meaning Google is signalled “denied” for analytics and advertising storage until you explicitly grant consent.
6. Cookies in the Elynd mobile app
The Elynd mobile application does not use HTTP cookies (native mobile apps do not have a cookie jar the way browsers do). For the equivalent disclosures covering the mobile app — including the SDKs we bundle and the sub-processors we share data with — see the Privacy Policy and our Sub-processors page.
7. How to control cookies
You have multiple ways to control cookies:
- On this Site — click “Cookie Settings” in the footer (or use the Manage cookie preferences button at the top of this page) to change your choice at any time.
- In your browser — delete, block, or restrict cookies through your browser settings. Help pages: Safari (Preferences › Privacy), Chrome (Settings › Privacy and security), Firefox (Settings › Privacy & Security), Edge (Settings › Cookies and site permissions).
- Opt out directly with vendors: Google Analytics opt-out browser add-on, Meta’s ad controls.
Blocking strictly necessary cookies may prevent parts of the Site that require authentication from functioning.
8. Changes to this policy
If we add a new cookie category or materially change how an existing one works, we will update this page, bump the “Last updated” date at the top, and re-prompt you for consent where required by applicable law.
9. Contact us
If you have questions about our use of cookies, you can reach us:
Email: [email protected]
Address: Comads OÜ, Ahtri St. 12, 15551 Tallinn, Estonia
Registry code: 17276947