Cookie Policy
Last updated: May 7, 2026
This Cookie Policy explains how Alpha CISO Pte. Ltd. ("we", "us", "our") and the operators of Extension Auditor (extensionauditor.com) use cookies, local storage, pixels, and similar tracking technologies (collectively, "Cookies") on the Service.
This policy supplements Our Privacy Policy and should be read together with it.
What are cookies?
Cookies are small text files placed on Your device when You visit a website. Modern browsers also support related local-storage mechanisms (such as localStorage and sessionStorage) that serve similar purposes. Throughout this policy, "Cookies" refers to all of these technologies.
Cookies can be:
- First-party, placed by the website You are visiting (extensionauditor.com), or
- Third-party, placed by a service provider whose technology runs on Our website.
They can also be:
- Session cookies, which are deleted when You close Your browser, or
- Persistent cookies, which remain on Your device until they expire or You delete them.
Categories of cookies and similar technologies we use
We classify the technologies on Our Service into four categories. The first two are loaded automatically as essential to the Service. The other two are loaded only after You give consent via Our cookie banner.
1. Strictly necessary (always on)
These technologies are required for the Service to function. Without them, the Service cannot be provided. They do not require consent under the EU ePrivacy Directive or comparable laws because they are necessary to deliver a service explicitly requested by You.
| Technology | Provider | Purpose | Type |
|---|---|---|---|
| Authentication session cookie | Self-hosted (Hetzner) | Keeps You signed in across pages | First-party, session |
| CSRF / security token | Self-hosted (Hetzner) | Prevents cross-site request forgery | First-party, session |
Cookie-consent status (cookie_consent_status) | Self-hosted (Hetzner) | Remembers Your consent choice so the banner does not reappear | First-party, persistent (localStorage) |
| Theme / language preferences | Self-hosted (Hetzner) | Remembers display preferences You set | First-party, persistent |
| Cloudflare WAF / Turnstile | Cloudflare, Inc. | Bot mitigation, abuse prevention, captcha | Third-party, session |
2. Error reporting (always on, treated as essential)
The following technology is loaded as essential to the security and reliability of the Service. We rely on the legitimate-interest legal basis under GDPR Art. 6(1)(f) for this processing.
| Technology | Provider | Purpose | Type |
|---|---|---|---|
| Sentry browser SDK | Functional Software, Inc. (Sentry) | Captures information about errors that occur during Your session (error message, stack trace, browser, IP address). We do not enable Sentry's session-replay or performance-profiling integrations. | Third-party, persistent localStorage entries (used for error correlation only) |
3. Analytics (consent-required, opt-in via cookie banner)
These technologies are loaded only after You click "Accept all" on Our cookie banner. If You click "Reject non-essential" or do not interact with the banner, they are never loaded.
| Technology | Provider | Purpose | Type |
|---|---|---|---|
| Umami Analytics (page-view tracking) | Self-hosted by Us on Hetzner infrastructure | Anonymous page-view counts and basic usage metrics | First-party, cookieless (uses anonymized server-side identifiers only) |
Umami Session Replay (recorder.js) | Self-hosted by Us on Hetzner infrastructure | Records anonymized interactions with Our website (clicks, scrolls, form interactions with input masking) up to 20 minutes per session, to help Us understand and improve the Service | First-party, persistent |
| Cloudflare Web Analytics | Cloudflare, Inc. | Privacy-friendly, cookie-less page-view and performance metrics (page URL, referrer, browser, country derived from IP, basic timing) | Third-party, cookie-less — does not set persistent identifiers |
4. Functionality cookies (consent-required where applicable)
We do not currently use any third-party functionality cookies for personalization or social features. If We add any in the future, We will update this policy and request Your consent before loading them.
What we do not use
We want to be specific about what is not present on the Service:
- We do not use any advertising cookies, retargeting tags, or ad-network pixels.
- We do not use cross-context behavioral advertising (CCPA-defined "sharing").
- We do not allow third parties to sell personal information collected on Our Service for monetary or other valuable consideration. (See our Privacy Policy "Sale and Sharing of Personal Information" section for details.)
- We do not use fingerprinting to track You across browsers or devices.
How to manage Your cookie preferences
On Our Service
The fastest way to change Your preferences is the "Cookie preferences" link in the website footer. Clicking it clears Your stored consent choice and re-displays the cookie banner so You can choose again.
In Your browser
You can also control or block cookies via Your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
Please note that disabling strictly-necessary cookies will prevent the Service from functioning correctly (for example, You will not be able to sign in).
Browser-level signals
We honor browser-transmitted Global Privacy Control (GPC) signals as a valid request to opt out of the sale or sharing of personal information, in accordance with 11 CCR § 7025. Because We do not sell or share personal information for cross-context behavioral advertising, the GPC signal does not change Our processing — but it is logged and honored as a defense-in-depth measure.
We do not respond to Do Not Track (DNT) headers. Industry standards for DNT were never widely adopted, and most modern browsers no longer offer it as a setting.
Updates to this policy
We may update this Cookie Policy from time to time to reflect changes in the technologies We use or in applicable law. The "Last updated" date at the top of this page will change accordingly. Material changes that affect what cookies are placed will be accompanied by a re-prompt of the cookie banner.
Contact
If You have questions about this Cookie Policy, please contact us via Our contact page or at [email protected].
