Cookies and tracking
A short, plain-English explanation of what we use to understand our website traffic. The headline: no tracking cookies, no cross-site trackers, no advertising pixels.
Last updated: 12 May 2026 · Version: 1.0
The short version
- Kodiac does not use tracking cookies on this website.
- We do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any cross-site tracker.
- We use Cloudflare Web Analytics, which counts page visits without identifying individuals or setting cookies.
- This is why you don't see a cookie consent banner. There is nothing to consent to.
What is a cookie?
A cookie is a small text file a website stores on your browser. Cookies can be used for legitimate purposes (such as keeping you logged in) or for tracking your browsing across sites (used by most advertising networks). Under UK PECR, websites must obtain your consent before setting cookies that are not strictly necessary for the service you requested.
What Kodiac actually uses
On the kodiac.ai marketing website (this site)
We use no first-party tracking cookies and no third-party trackers.
We use Cloudflare Web Analytics to count visits in aggregate. Cloudflare Web Analytics works by sampling request metadata Cloudflare already sees as our content delivery network and security provider. It does not set cookies, fingerprint your browser, or track you across sites. It cannot identify you individually. You can read Cloudflare's description of how this works at blog.cloudflare.com.
Cloudflare also operates at the network layer to deliver pages and protect against attacks. As part of that, Cloudflare logs basic request metadata (IP address, request timestamp, page URL, user agent) for up to 30 days for security purposes. This is standard practice for any website behind a CDN and does not depend on cookies. We use this for security and abuse prevention, not for marketing analytics.
On the Kodiac application (app.kodiac.ai, when you become a customer)
The Kodiac app uses strictly necessary cookies to keep you logged in and to maintain your session. These do not require consent under PECR because they are essential to deliver the service you requested. They are not used for analytics, profiling, or advertising.
Specifically:
| Cookie | Purpose | Lifetime |
|---|---|---|
| kodiac_session | Keeps you logged in across requests. Required to use the app. | Session, then 30 days if "remember me" is selected |
| kodiac_csrf | Protects against cross-site request forgery attacks. Required for security. | Session |
What Kodiac does not use
We want to be explicit about what is not running on this website, in case you were wondering:
- No Google Analytics, GA4, or any Google Tag Manager container
- No Meta (Facebook) Pixel
- No LinkedIn Insight Tag
- No X (Twitter) tracking pixel
- No TikTok Pixel
- No HubSpot tracking script
- No advertising remarketing pixels of any kind
- No session-replay tools (Hotjar, FullStory, LogRocket, etc.)
- No third-party chat widgets that drop tracking cookies
Why we made this choice
We sell AI infrastructure to enterprise customers. Many of those customers ask hard questions about data flows and privacy posture during procurement. Starting with privacy-friendly defaults on our own marketing site is the easiest thing to demonstrate. It also keeps the site fast and the experience clean.
If this changes
If we add anything that requires consent (for example, an advertising pixel for a paid campaign), we will:
- Implement a proper consent banner with equal-prominence Accept and Reject buttons
- Block the new technology until consent is given
- Update this page and the privacy notice before going live
Questions
Email privacy@kodiac.ai.
For the full picture of how we handle personal data, see our privacy notice.