Skip to content
OS Domains
Cookies Policy

Every cookie we set, listed individually. No marketing trackers.

We use a small number of cookies for the parts of our service that genuinely need them. We do not run ad campaigns, we do not embed third-party tracking pixels, and we do not use Google Analytics or Tag Manager. Our analytics (Plausible) is EU-hosted and does not track individuals across sessions or sites. Below is the complete list, organized by the four ePrivacy categories: strictly necessary, functional, analytics, marketing.

This policy complies with the EU ePrivacy Directive (2002/58/EC as amended by 2009/136/EC), the General Data Protection Regulation (Regulation (EU) 2016/679), and national implementations (Austria DSG, Germany TTDSG, France LIL). For data-processing details beyond cookies, see the DPA.

Document metadata
Version
v3.1
Last updated
2026-03-15
Legal basis
ePrivacy Art. 5(3) + GDPR

Your cookie preferences

Toggle categories on or off. Changes take effect immediately. Strictly necessary cookies cannot be disabled because the site cannot function without them.

01 · 6 cookies Always active · no consent required

Strictly necessary

These cookies are essential for the site or customer portal to function. They are exempt from consent under Article 5(3) of the ePrivacy Directive because the service cannot operate without them. We disclose them here for transparency.

Cookie name Purpose Duration Provider Domain
osd_session Customer portal session token. Identifies your logged-in session after authentication. Session (deleted on browser close) OS Domains (first-party) app.osdomains.com
osd_csrf CSRF protection token. Prevents cross-site request forgery on portal actions. Session OS Domains (first-party) app.osdomains.com
osd_locale Stores your selected language (en, es, pt-br) so we serve the right localized page. 12 months OS Domains (first-party) .osdomains.com
osd_consent Stores your cookie-consent choices (which categories you accepted or rejected). 6 months OS Domains (first-party) .osdomains.com
__cf_bm Cloudflare bot-management cookie. Distinguishes humans from bots for our edge cache. 30 minutes Cloudflare (sub-processor) .osdomains.com
cf_clearance Cloudflare challenge clearance. Set after passing a security challenge. 30 minutes (extends on activity) Cloudflare (sub-processor) .osdomains.com
02 · 3 cookies Disabled by default · consent required

Functional

These cookies remember choices you make that improve your experience but are not essential. Examples include UI preferences, recently viewed pages, and similar conveniences. We only set them after you actively consent.

Cookie name Purpose Duration Provider Domain
osd_theme Stores your selected dark or light mode preference for the customer portal. 12 months OS Domains (first-party) .osdomains.com
osd_pop_preference Remembers which PoP you have selected as default when running test sends from the portal. 6 months OS Domains (first-party) app.osdomains.com
osd_collapse_state Stores which sidebar sections you have collapsed in the customer portal. 6 months OS Domains (first-party) app.osdomains.com
03 · 1 cookie Disabled by default · consent required

Analytics

These cookies help us understand how the site is used in aggregate — which pages are most visited, where visitors come from, what content keeps people reading. We use Plausible Analytics, which is EU-hosted, GDPR-compliant by design, and does not use any third-party tracking cookies. Even so, consent is required.

Cookie name Purpose Duration Provider Domain
plausible_ignore When set, tells Plausible to ignore page-view tracking from your browser. Only set if you have opted out via the analytics control below. Persistent (until cleared) Plausible Analytics (sub-processor, EU-hosted) plausible.io

Note: Note: Plausible Analytics does not use tracking cookies in the traditional sense. The only cookie above is the opt-out marker. Plausible counts page views server-side using anonymized request data; no individual user is tracked across sessions or sites.

04 · 0 cookies Not used · we do not run ad campaigns

Marketing

We do not set marketing cookies, do not run retargeting campaigns, and do not embed third-party ad pixels (no Meta Pixel, no LinkedIn Insight, no Google Ads). We have no business reason to track you across the internet, so we do not. This section is intentionally empty.

Note: If you spot a tracking pixel or marketing cookie on any OS Domains property that is not listed here, email [email protected] — that would be a misconfiguration and we want to fix it.

Cookie FAQ

Six questions we get the most.

01

Do I have to accept cookies to use the site?

No. The main marketing site at osdomains.com works fully without cookies (we serve static HTML with no JavaScript dependencies on cookies). The customer portal at app.osdomains.com requires strictly necessary cookies for the session and CSRF tokens — those are exempt from consent under the ePrivacy Directive because the portal literally cannot operate without them. Functional, analytics, and (non-existent) marketing cookies all require explicit opt-in.

02

How do I change my cookie preferences after the first visit?

Click the "Cookie preferences" link in the footer of any page to reopen the consent banner. You can opt in or out of each category independently. We do not require a reason for changes; we delete cookies for any category you have switched off within 24 hours.

03

What happens if I reject all non-essential cookies?

The site works normally — you read pages, browse documentation, contact us, view pricing. The customer portal also works normally; you just lose the convenience of remembered UI preferences (dark mode, collapsed sidebar, default PoP). We do not block content or features based on consent state.

04

Do you use Google Analytics or Google Tag Manager?

No. We use Plausible Analytics, which is EU-hosted, GDPR-compliant by design, and does not transfer data outside the EEA. We chose Plausible specifically because it removes the Schrems II complications that come with US-hosted analytics. We have never used Google Analytics or Google Tag Manager on any OS Domains property.

05

Are there cross-border data transfers via cookies?

Strictly necessary cookies stay in our EU infrastructure. Plausible Analytics is EU-hosted (Germany), so no cross-border transfer occurs even if you have opted into analytics. Cloudflare bot-management cookies (__cf_bm, cf_clearance) are processed at Cloudflare's edge locations, which may include non-EU points-of-presence depending on your routing. Cloudflare is GDPR-compliant via the EU-US Data Privacy Framework and Standard Contractual Clauses with Transfer Impact Assessment. You can find Cloudflare's privacy policy linked in the sub-processors list on the DPA page.

06

How long do you store consent records?

Consent records (date, IP, version of cookie policy, choices) are stored for 24 months as evidence of compliance with GDPR Article 7(1). After 24 months we delete them; if you make new choices, that resets the clock. You can request a copy of your consent record at any time via the customer portal or by emailing [email protected].

Related documents

The DPA covers all other data processing beyond cookies.

Cookies are one specific type of data collection regulated under the ePrivacy Directive. The DPA covers the broader contractual data-processing relationship under GDPR Article 28 — sub-processors, breach notification, data residency, cross-border transfers, retention, and audit rights.

Phone +43 1 205 11 80 Mon–Fri · 9–18 CET
Email [email protected] Avg response 4h business
Office Fleischmarkt 1, 1010 Wien By appointment