Short version: we only use cookies that are strictly necessary to run the website. No analytics cookies, no advertising cookies, no third-party tracking. That's why you don't see a consent popup — we don't need to ask for permission we don't require.
What we set
| Cookie | Purpose | Retention |
|---|---|---|
| paymenter_session | Keeps your session in the customer portal. Encrypted server-side. | 2 hours after last activity |
| XSRF-TOKEN | CSRF protection for form submissions. | 2 hours |
| remember_web_* | Only when you tick "stay signed in". | 5 years |
| __cf_bm | Cloudflare bot detection (1st-party). Set via our CDN, not by us. | 30 minutes |
All four fall under the strictly-necessary exemption (Dutch Telecommunications Act art. 11.7a). No consent required.
What we don't set
- No Google Analytics, Hotjar, Mixpanel or other analytics tooling.
- No Facebook pixel, LinkedIn tag, or any ad-network tracker.
- No cross-site tracking, no device fingerprinting.
- No "essential" third-party cookies that are actually analytics.
Browser settings
You can block cookies in your browser. Consequence: you can't log in to the customer portal (session cookie missing), and form submissions fail (CSRF). The rest of the site works fine without them.
Questions
Spotted a weird cookie that's not in the table above? Email [email protected] and we'll explain (or fix it if it's our mistake).