Both our marketing site (norcube.com) and our developer documentation (docs.norcube.com) use the same cookie setup. The consent cookie and the analytics cookie are written on the parent domain (.norcube.com), so one choice covers both sites and a returning reader is recognised as the same visitor across them.
Strictly necessary — always on
| Cookie |
Provider |
Purpose |
Expiry |
cc_cookie |
Norcube (Jetlio, s.r.o.) |
Remembers which cookie categories you accepted, so the banner does not reappear (shared across norcube.com and docs.norcube.com) |
6 months |
__cf_bm |
Cloudflare |
Distinguishes humans from bots at the CDN edge — required for security |
30 minutes |
_cfuvid |
Cloudflare |
Lets Cloudflare apply rate-limit rules per session — security |
Session |
These cookies are exempt from the consent requirement under Article 5(3) of the ePrivacy Directive because they are strictly necessary to deliver the service you asked for (i.e. to securely serve a webpage).
Analytics — only set if you click Accept
| Cookie |
Provider |
Purpose |
Expiry |
ph_phc_uZoPx…_posthog |
PostHog (EU-hosted, Frankfurt) |
A random visitor identifier (distinct_id) plus minimal session info, so we can see which pages help readers and where they get stuck. Written on .norcube.com so it is shared between the marketing and docs sites |
12 months |
PostHog is configured with auto-capture disabled and session recordings disabled — we only capture page views and the consent decision itself. The PostHog cookie does not contain your name, email, IP address, or any direct identifier; just a random ID. Analytics requests are sent through our own t.norcube.com endpoint, a thin reverse proxy in front of the EU-hosted PostHog instance (it keeps ad-blockers from silently dropping the data, and no request ever leaves the EU). We hold the EU-hosted PostHog instance under a Data Processing Agreement, listed on the subprocessors page.
If you click Decline, no analytics cookie is ever set, and no analytics data is sent to PostHog.