Cookie Policy

Our cookie policy and how we use cookies and similar technologies

Cookie Policy

Last updated: May 7, 2026

This Cookie Policy explains how Alpha CISO Pte. Ltd. ("we", "us", "our") and the operators of Extension Auditor (extensionauditor.com) use cookies, local storage, pixels, and similar tracking technologies (collectively, "Cookies") on the Service.

This policy supplements Our Privacy Policy and should be read together with it.

What are cookies?

Cookies are small text files placed on Your device when You visit a website. Modern browsers also support related local-storage mechanisms (such as localStorage and sessionStorage) that serve similar purposes. Throughout this policy, "Cookies" refers to all of these technologies.

Cookies can be:

  • First-party, placed by the website You are visiting (extensionauditor.com), or
  • Third-party, placed by a service provider whose technology runs on Our website.

They can also be:

  • Session cookies, which are deleted when You close Your browser, or
  • Persistent cookies, which remain on Your device until they expire or You delete them.

Categories of cookies and similar technologies we use

We classify the technologies on Our Service into four categories. The first two are loaded automatically as essential to the Service. The other two are loaded only after You give consent via Our cookie banner.

1. Strictly necessary (always on)

These technologies are required for the Service to function. Without them, the Service cannot be provided. They do not require consent under the EU ePrivacy Directive or comparable laws because they are necessary to deliver a service explicitly requested by You.

TechnologyProviderPurposeType
Authentication session cookieSelf-hosted (Hetzner)Keeps You signed in across pagesFirst-party, session
CSRF / security tokenSelf-hosted (Hetzner)Prevents cross-site request forgeryFirst-party, session
Cookie-consent status (cookie_consent_status)Self-hosted (Hetzner)Remembers Your consent choice so the banner does not reappearFirst-party, persistent (localStorage)
Theme / language preferencesSelf-hosted (Hetzner)Remembers display preferences You setFirst-party, persistent
Cloudflare WAF / TurnstileCloudflare, Inc.Bot mitigation, abuse prevention, captchaThird-party, session

2. Error reporting (always on, treated as essential)

The following technology is loaded as essential to the security and reliability of the Service. We rely on the legitimate-interest legal basis under GDPR Art. 6(1)(f) for this processing.

TechnologyProviderPurposeType
Sentry browser SDKFunctional Software, Inc. (Sentry)Captures information about errors that occur during Your session (error message, stack trace, browser, IP address). We do not enable Sentry's session-replay or performance-profiling integrations.Third-party, persistent localStorage entries (used for error correlation only)

These technologies are loaded only after You click "Accept all" on Our cookie banner. If You click "Reject non-essential" or do not interact with the banner, they are never loaded.

TechnologyProviderPurposeType
Umami Analytics (page-view tracking)Self-hosted by Us on Hetzner infrastructureAnonymous page-view counts and basic usage metricsFirst-party, cookieless (uses anonymized server-side identifiers only)
Umami Session Replay (recorder.js)Self-hosted by Us on Hetzner infrastructureRecords anonymized interactions with Our website (clicks, scrolls, form interactions with input masking) up to 20 minutes per session, to help Us understand and improve the ServiceFirst-party, persistent
Cloudflare Web AnalyticsCloudflare, Inc.Privacy-friendly, cookie-less page-view and performance metrics (page URL, referrer, browser, country derived from IP, basic timing)Third-party, cookie-less — does not set persistent identifiers

4. Functionality cookies (consent-required where applicable)

We do not currently use any third-party functionality cookies for personalization or social features. If We add any in the future, We will update this policy and request Your consent before loading them.

What we do not use

We want to be specific about what is not present on the Service:

  • We do not use any advertising cookies, retargeting tags, or ad-network pixels.
  • We do not use cross-context behavioral advertising (CCPA-defined "sharing").
  • We do not allow third parties to sell personal information collected on Our Service for monetary or other valuable consideration. (See our Privacy Policy "Sale and Sharing of Personal Information" section for details.)
  • We do not use fingerprinting to track You across browsers or devices.

On Our Service

The fastest way to change Your preferences is the "Cookie preferences" link in the website footer. Clicking it clears Your stored consent choice and re-displays the cookie banner so You can choose again.

In Your browser

You can also control or block cookies via Your browser settings:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions

Please note that disabling strictly-necessary cookies will prevent the Service from functioning correctly (for example, You will not be able to sign in).

Browser-level signals

We honor browser-transmitted Global Privacy Control (GPC) signals as a valid request to opt out of the sale or sharing of personal information, in accordance with 11 CCR § 7025. Because We do not sell or share personal information for cross-context behavioral advertising, the GPC signal does not change Our processing — but it is logged and honored as a defense-in-depth measure.

We do not respond to Do Not Track (DNT) headers. Industry standards for DNT were never widely adopted, and most modern browsers no longer offer it as a setting.

Updates to this policy

We may update this Cookie Policy from time to time to reflect changes in the technologies We use or in applicable law. The "Last updated" date at the top of this page will change accordingly. Material changes that affect what cookies are placed will be accompanied by a re-prompt of the cookie banner.

Contact

If You have questions about this Cookie Policy, please contact us via Our contact page or at [email protected].