Legal
Cookie Policy
Last updated: 12 April 2026
1. Our Stance on Cookies
GhostlyX is built on a cookieless analytics philosophy. The tracking script we provide to you for your websites does not set any cookies on your visitors' browsers. This means your visitors do not need to see a cookie consent banner for GhostlyX analytics under GDPR or the UK PECR.
The ghostlyx.com website itself uses a small number of strictly necessary cookies for authentication and infrastructure security, detailed below. None of these are advertising or tracking cookies.
2. Cookies on the GhostlyX Application
The GhostlyX dashboard application uses a small number of strictly necessary cookies to operate. These cookies do not track you across other websites and are not used for advertising.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| ghostlyx-session | Maintains your authenticated login session | Session (browser close) | Strictly Necessary |
| XSRF-TOKEN | CSRF protection. Prevents cross-site request forgery attacks. | Session (browser close) | Strictly Necessary |
| __cf_bm | Set by Cloudflare to identify and mitigate automated bot traffic. Required for the security and availability of this site. Contains no personal data and cannot be used to track you across other websites. This cookie is mandatory when Cloudflare Bot Fight Mode is enabled and cannot be disabled without removing bot protection entirely. | 30 minutes | Strictly Necessary |
| cf_clearance | Set by Cloudflare when a visitor has passed a security challenge. Confirms the visitor is human and prevents the challenge from being repeated unnecessarily. Only set when a challenge is triggered, not on every visit. | 1 hour | Strictly Necessary |
3. Third-Party Cookies
We do not use third-party advertising, analytics, or social media cookies. The following third-party infrastructure providers may set cookies as part of delivering and securing the service:
- Cloudflare. Our CDN, DDoS protection, and bot management provider. Cloudflare sets the strictly necessary security cookies listed above (__cf_bm, cf_clearance) to protect this site from malicious automated traffic. These cookies contain no personal data and are not used for advertising or cross-site tracking. See Cloudflare's Cookie Policy.
- Stripe. Our payment processor. Stripe may set cookies when you interact with the payment flow. These are governed by Stripe's own cookie policy.
4. Managing Cookies
All cookies used on GhostlyX are strictly necessary. The Cloudflare security cookies (__cf_bm, cf_clearance) are classified as strictly necessary under GDPR and the UK PECR and do not require your consent, as they serve a genuine security function with no advertising or tracking purpose. The same applies to the session and CSRF cookies required for authentication.
Because we only use strictly necessary cookies, there is no cookie consent banner on GhostlyX. You may configure your browser to block or delete cookies at any time; however, blocking session cookies will prevent you from logging in, and blocking Cloudflare security cookies may result in your access being challenged or restricted.
Most browsers allow you to manage cookie preferences in their settings. Refer to your browser's documentation for instructions.
5. For Your Own Website
Because the GhostlyX tracking script sets no cookies, you do not need to mention GhostlyX in your own websites cookie policy. This is one of the core advantages of using a privacy-first analytics provider.
6. Contact
If you have questions about our use of cookies, contact us at [email protected].
Varsuite Media Group Ltd, Mentor House, Ainsworth Street, Blackburn, Lancashire, United Kingdom, BB1 6AY