Skip to content
CLMSpace
Book a demo

Last updated: 7 May 2026

Cookie policy

Template under legal review. This document is a working draft and has not yet been reviewed by qualified counsel. It must not be published externally without review and should not be relied upon as legal advice.

This page explains the cookies and similar technologies used by clmspace.com (the marketing site) and app.clmspace.com (the product portal). It is kept short and concrete; if you want the full data-processing picture see the privacy policy and the sub-processors list.

1. Strictly necessary cookies and storage

The product portal sets a small number of strictly necessary items: a Firebase Auth session token (cookie + localStorage), a CSRF token, and a session-scoped tenant identifier. None of these require consent under UK PECR / EU e-Privacy because they are essential to provide the service you have requested. The marketing site itself does not set any cookies for its own purposes.

2. Optional analytics

Both surfaces use Vercel Web Analytics and Vercel Speed Insights to measure traffic and Core Web Vitals (page-level performance such as Largest Contentful Paint and Time to First Byte). These services do not set any cookies. They derive an anonymous, hashed visitor identifier from your IP address and user-agent on each request; no personal data is stored and no cross-site tracking is performed.

We treat this analytics processing as optional even though it does not legally require consent under UK PECR. By default it is off until you opt in via the cookie banner. You can change your choice at any time using the link in the footer.

3. Advertising and cross-site tracking

We do not run advertising trackers, marketing pixels, or any third-party fingerprinting scripts. We do not embed third-party content on the marketing site (fonts are self-hosted via Next.js font optimisation; demo-booking links open your native email client).

4. Global Privacy Control and Do Not Track

We respect Global Privacy Control (the modern replacement for Do Not Track). If your browser sends the GPC signal, optional analytics is automatically disabled and the cookie banner is suppressed; you do not need to interact with the banner. Legacy Do Not Track headers are honoured the same way.

5. Where the consent choice is stored

Your consent decision lives in your browser’s localStorage under the key clmspace_consent. It records the version of this policy, the boolean choice for each category, the timestamp of the decision, and whether it was made by you directly or derived from a GPC signal. Clearing site data resets the banner.

6. If this changes

Adding any new tracking technology, including cookies set by third-party sub-processors, will trigger a version bump on this policy and re-prompt you for consent. We do not roll such changes silently.

7. Contact

For questions about this policy, email privacy@clmspace.com.