Cookie notice
Last updated: 31 May 2026
Normiq uses the minimum number of cookies needed to keep you signed in and to process payments. No advertising cookies, no cross-site tracking, no consent banner required.
Cookies set by Normiq
The Normiq website (normiq.eu) does not set any cookies — first-party or third-party. It is a fully static site.
The Normiq application (app.normiq.eu) sets a small number of strictly-necessary first-party cookies to keep you signed in and to protect the sign-in flow. These are essential — the app cannot function without them — so no consent is required, and they carry no advertising or tracking data. They are set by Auth.js, the open-source session library the app runs on.
| Cookie | Purpose | Duration | Category |
|---|---|---|---|
authjs.session-token | Keeps you signed in — holds your encrypted session token | Session, until you sign out | Strictly necessary |
authjs.csrf-token | Protects the sign-in flow against cross-site request forgery | Session | Strictly necessary |
authjs.callback-url | Remembers where to return you after sign-in | Session | Strictly necessary |
Over HTTPS these are sent with the hardened __Secure- / __Host- name prefixes. All are HttpOnly where the session library allows it and are never readable by advertising or analytics scripts.
Third-party cookies set during specific user actions
When you sign in or make a payment, you are redirected to a trusted third-party service. Those services set their own cookies on their own domains, subject to their own policies. Nothing on that list is for marketing or tracking.
| Source | Domain | Purpose | Duration | Category |
|---|---|---|---|---|
| Zitadel | our Zitadel auth domain | Keep you signed in during the OIDC login flow | Session + refresh window | Strictly necessary |
| Stripe | checkout.stripe.com | Process the payment checkout and fraud-detect your session on Stripe | Session, plus fraud-prevention windows | Strictly necessary |
Analytics
Normiq uses Plausible Insights for aggregate analytics. Plausible is cookieless by design: no cookies, no cross-site identifier, no personal data sent. That is why this page does not show a consent banner.
Managing cookies in your browser
You can clear or block cookies from your browser settings at any time. Note that blocking the strictly-necessary cookies above will prevent you from signing in or completing payment.
What would change this
If the set of cookies we use changes — for example, if we add analytics that use cookies, video embeds from YouTube, or social-media sharing widgets — we will update this page and show a consent banner where the law requires one. The "Last updated" date reflects the most recent revision.
Contact
Please feel free to contact us at privacy@normiq.eu if you have any questions.