What cookies we set, why we set them, and how you can control them. No advertising, no cross-site tracking, no dark patterns.
Cookies are small text files placed on your device by the websites you visit. They let a site remember who you are and what you've done — for example, that you are logged in. Some cookies are essential for the site to function, others are used to measure usage or (on other sites) to target adverts.
These cookies are required for Kommercio to work. Under the UK Privacy and Electronic Communications Regulations (PECR), essential cookies do not require prior consent.
| Name | Purpose | Duration | First / third party |
|---|---|---|---|
| km_session | Signed session JWT — keeps you logged into the admin panel or storefront | Session or 30 days (remember me) | First-party |
| km_csrf | CSRF token for state-changing form submissions | Session | First-party |
| km_tenant | Stores the tenant slug on <slug>-admin.kommercio.io so requests route correctly | 30 days | First-party |
| __clerk_* | Clerk session and authentication state for the legacy signup funnel (being phased out) | Session / 30 days | Third-party (Clerk) |
We use a privacy-first analytics tool to understand aggregate usage. No personal identifiers, no cross-site tracking, no fingerprinting.
| Name | Purpose | Duration | First / third party |
|---|---|---|---|
| km_anon_id | Anonymous visitor identifier — resets daily, never linked to personal data | 24 hours | First-party |
We don't set any. We don't retarget. We don't share analytics with advertising networks. If we change this, we will update this page and add a consent banner before any new cookies are set.
You can control and delete cookies through your browser settings. Most browsers let you block cookies altogether, block third-party cookies only, or delete cookies already stored. Note that blocking all cookies will stop Kommercio working — you won't be able to sign in.
For general guidance on managing cookies in any browser, see allaboutcookies.org.
Essential cookies do not require consent under UK PECR. Our analytics are privacy-first and do not track personal data or behaviour across sites, so we do not treat them as requiring consent either. For that reason, we do not display a cookie consent banner — we think they mostly exist to annoy users while collecting dubious consent, and we'd rather just not set the cookies that would require one.
If we ever add advertising or cross-site tracking cookies in future (we have no plans to), we will show a proper consent banner compliant with UK GDPR and PECR, with a clear reject option that is just as easy to use as the accept option.