1. Intro
Cookies are small text files stored on your device. We use them to run the site, remember your preferences, and keep the service secure. This page lists every cookie we set.
2. Cookie categories (PECR classification)
| Category | Consent required | Description |
|---|---|---|
| Strictly necessary | No (PECR exception) | Site function: CSRF, session, auth |
| Performance/analytics | Yes | Measure site performance (if used) |
| Functional | Yes | Remember preferences |
| Targeting/advertising | Yes | Not used v1 |
3. Cookie inventory
| Name | Purpose | Category | Duration | Provider |
|---|---|---|---|---|
cf_clearance | Cloudflare WAF challenge | Strictly necessary | 30 days | Cloudflare |
__cf_bm | CF bot management | Strictly necessary | 30 min | Cloudflare |
_turnstile_token | Turnstile bot check | Strictly necessary | Form session | Cloudflare |
lk_session | Auth session (post-signup) | Strictly necessary | 30 days rolling | LeadKing |
lk_csrf | CSRF protection | Strictly necessary | Session | LeadKing |
lk_consent | Remembers your cookie choice | Functional | 6 months | LeadKing |
lk_theme | Light/dark preference | Functional | 1 year | LeadKing |
4. What we don't use
- Google Analytics / GA4
- Meta Pixel / Facebook tracking
- LinkedIn Insight Tag
- HubSpot tracking
- Hotjar / FullStory / session replay
- Any third-party advertising cookies
5. Consent mechanism
First visit: banner with three buttons — Accept all, Reject all, Manage. Reject is as visually prominent as Accept. Manage opens a modal with per-category toggles (strictly necessary locked on). No dark patterns. No pre-ticked boxes.
Withdrawal: footer link "Manage cookies" reopens the modal any time. Changes apply immediately.
6. Do Not Track & Global Privacy Control
We honour Sec-GPC: 1 (Global Privacy Control) — treats as "reject all" preference. Legacy DNT: 1 also honoured.
7. Third-party cookies
Cloudflare: necessary for site function + security (PECR exception). Stripe (on billing portal only, not marketing site): necessary for payment. No advertising third-party cookies.
8. Changes
Material changes trigger consent banner re-display. Last updated date above.
9. Contact
Email: [email protected]. See also /privacy for broader data policy.