Cookie Policy

This Cookie Policy explains how Atelier CMS ("Atelier", "we") uses cookies and similar technologies on our platform pages at ateliercms.com and its subdomains. It does not apply to websites operated by Tenants, who are independently responsible for their own cookie practices.

1. What Are Cookies?

Cookies are small text files placed on your device by a website you visit. They allow the website to recognise your device, maintain your session, and remember your preferences. Similar technologies include local storage, session storage, and tracking pixels.

2. How We Use Cookies

We use the following categories of cookies on our platform pages:

Category	Name / Provider	Purpose	Duration	Consent Required?
Strictly Necessary	`session` (Atelier)	Maintains your authenticated admin session	2 hours / session	No
Strictly Necessary	`csrftoken` (Atelier)	Prevents cross-site request forgery attacks	Session	No
Strictly Necessary	`cookie_consent` (Atelier)	Remembers your cookie consent choice	13 months	No
Analytics	[Analytics Provider — TBD]	Measures site usage to improve the platform (e.g., page views, referrers)	Up to 2 years	Yes — requires opt-in for EU/UK visitors

We do not use advertising or tracking cookies. We do not share cookie data with advertising networks or data brokers.

3. Strictly Necessary Cookies

Strictly necessary cookies are essential for the platform to function. They cannot be disabled. They include:

Session cookie — identifies your authenticated session so you don't need to log in on every page request. The session is stored server-side; the cookie contains only a signed opaque identifier.
CSRF cookie — a per-session token that prevents malicious third-party sites from submitting forms on your behalf.
Consent cookie — stores your cookie consent preference so we don't ask on every visit.

4. Analytics Cookies

We may use analytics cookies to understand how visitors interact with our platform pages — for example, which pages are most visited and where visitors come from. Analytics data is used only to improve the platform and is not shared with third parties for advertising purposes.

For visitors from the EU, UK, or EEA, analytics cookies are only set after you provide explicit consent via our cookie consent banner. You may withdraw consent at any time by clicking "Cookie Settings" in the footer.

[This section will be updated once an analytics tool is selected. Privacy-friendly, EU-hosted options such as Plausible or Fathom are under consideration.]

6. Tenant-Operated Websites

Websites operated by Atelier Tenants (for example, a client's business site powered by Atelier) are independently responsible for their own cookie practices. This Cookie Policy does not apply to those sites. Please consult the cookie policy displayed on the relevant Tenant website.

Atelier provides Tenant sites with session and CSRF cookies that are strictly necessary for the admin dashboard. Tenants who add analytics or advertising tools to their own sites are responsible for implementing appropriate consent mechanisms.

7. Cookie Consent Logs

We log your cookie consent decision (accepted/rejected, version, region, and timestamp) to demonstrate compliance with applicable law. These logs are retained for 5 years. The log does not contain your full IP address; we store only your geographic region (e.g., "EU", "US") to determine which consent requirements apply.

8. Changes to This Policy

We may update this Cookie Policy when we add new cookies or change our practices. When we make material changes, we will update the effective date and display a new consent banner so you can review and re-confirm your preferences.

9. Contact

Privacy Team — Atelier CMS
Email: privacy@ateliercms.com