Cookie Policy

Last updated: July 13, 2026

This Cookie Policy explains how CMDOP Inc. (“Cmdop”, “we”, “us”) uses cookies and similar storage on the cmdop.com website.

It covers the website only. The Cmdop CLI, the local agent, and the relay do not use cookies.


1. What this covers

“Cookies” in this policy means cookies and every equivalent technology that reads from or writes to your device — including localStorage, sessionStorage, and IndexedDB.

We say this explicitly because the distinction is often misunderstood: the law here governs storing information on your device, not the specific technology used to store it. Moving a tracker from a cookie into localStorage changes nothing about how it is treated.


2. Strictly necessary storage

These are required for the site to work at all. They cannot be switched off, and they do not require your consent.

NameWherePurposeLifetime
cfg.access_tokenlocalStorageKeeps you signed in after you log inUntil logout or expiry
cfg.refresh_tokenlocalStorageRenews your session without re-entering your passwordUntil logout or expiry
cfg.api_keylocalStorageAuthenticates your requests to our APIUntil revoked
user_profile_cachelocalStorageCaches your own profile so pages render without a round-tripUntil logout
sessionidCookieDjango session (admin and server-rendered pages)Session
csrftokenCookieCross-site request forgery protection1 year
NEXT_LOCALECookieRemembers the language you chose1 year

Your authentication tokens are stored on your device, not sent as cookies. We hold no session server-side that we could read without them.


3. Analytics

We use Google Analytics 4 to understand how the website is used — which pages people visit, and how they arrive. Google sets cookies (_ga, _ga_<id>) to do this, and receives the data.

We do not use analytics to build advertising profiles, and we do not sell this data.

You can prevent these cookies entirely by blocking third-party cookies in your browser, or with Google’s opt-out extension. Nothing on the site depends on them.

The Cmdop CLI and agent do not send analytics. Crash telemetry from the agent is a separate mechanism, described in our Privacy Policy.


4. Third parties that may set cookies

Some pages embed services that set their own cookies. We do not control them, and their own policies govern what they do:

  • Google Analytics — usage measurement (see above).
  • Calendly — only if you open a booking link from our site.
  • Stripe — only on checkout pages, for payment processing and fraud prevention.

5. Managing cookies

You can view, delete, and block cookies in your browser settings:

  • Chrome — Settings › Privacy and security › Third-party cookies
  • Firefox — Settings › Privacy & Security › Cookies and Site Data
  • Safari — Settings › Privacy › Manage Website Data
  • Edge — Settings › Cookies and site permissions

Blocking strictly necessary storage will sign you out and prevent parts of the site from working. Clearing localStorage signs you out.


6. Do Not Track

Browsers may send a “Do Not Track” signal. There is no agreed standard for what a site should do in response, and we do not currently act on it. We mention this because saying nothing would be worse than saying so.


7. Changes

We will update this policy when what we store changes, and we will move the date at the top when we do.


Questions: [email protected]