A short list. No advertising trackers, no cross-site fingerprinting, no Meta Pixel. We're an SOC — we know better.
A cookie is a small text file stored by your browser. We use the minimum needed to make the site work and to understand what's being read.
| Cookie | Category | Purpose | Lifetime | Set by |
|---|---|---|---|---|
| ic_session | Strictly necessary | Keeps you signed in to the customer portal. Without it, you'd have to re-authenticate on every page load. | Session | ironcastle.io |
| ic_csrf | Strictly necessary | Cross-site-request-forgery token for form submissions. A security control. | Session | ironcastle.io |
| ic_lang | Strictly necessary | Remembers your language preference (EN / AR). | 1 year | ironcastle.io |
| ic_cookie_consent | Strictly necessary | Remembers your cookie-consent choice so we don't ask on every visit. | 1 year | ironcastle.io |
| plausible_* | Analytics (opt-in) | Plausible Analytics — privacy-respecting, no cross-site tracking, no fingerprinting. Aggregated page views only. | 30 days | plausible.io |
We do not use any of the following on the marketing site or the customer portal:
Strictly-necessary cookies can't be turned off — the site won't work without them. Analytics cookies are opt-in: we ask you on first visit and won't load Plausible until you say yes.
You can clear cookies at any time from your browser settings. You can withdraw analytics consent by clicking "Cookie settings" in the footer of any page (coming Q3 2026 — until then, email [email protected] and we'll suppress for your IP / account).
The customer portal uses localStorage for some UI preferences (sidebar collapse state, table column widths). These never leave your browser.
We use server-side logs (Cloudflare and our own collectors) for security, abuse prevention, and SLA monitoring. These include IP address and user-agent — they're not cookies, but they exist.
Email [email protected]. Detailed legal terms are in our Privacy Policy.