Cookie Policy

Last updated: 27 May 2026

1. The short version

Mailbuttons uses only the cookies strictly necessary to keep you signed in. We measure aggregate site usage with self-hosted Plausible Analytics, which is cookieless and does not track individuals. No advertising cookies, no tracking pixels, no third-party tag manager. There is no consent banner because no non-essential cookies are set.

This policy is published by Code Cutter Limited, a company registered in England and Wales (company number 08453060) with registered office at Unit 96 The Maltings Business Centre, Stanstead Abbotts, Ware, Herts, SG12 8HG, trading as Mailbuttons.

2. The cookies we set

All cookies set by Mailbuttons are first-party, strictly necessary for authentication, and exempt from consent requirements under the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive.

Cookie | Purpose | Lifetime
mailbuttons_session | Authenticated session for the dashboard and API. | Session; rotated on sign-in.
oidc_state | CSRF protection for the OIDC sign-in flow with Kanidm. | Transient; deleted at end of the sign-in flow.
oidc_nonce | Replay protection for the OIDC ID token. | Transient; deleted at end of the sign-in flow.
oidc_pkce | PKCE verifier for the OIDC sign-in flow. | Transient; deleted at end of the sign-in flow.

3. What we do not do

For transparency, an explicit list of things this site does not do:

  • No cookie-based analytics (Google Analytics, etc.)
  • No tag manager (Google Tag Manager, Segment, etc.)
  • No advertising or marketing cookies
  • No social-media tracking pixels
  • No third-party chat widgets that drop cookies
  • No fingerprinting techniques
  • No cross-site tracking

We do measure aggregate site usage with Plausible Analytics, self-hosted on our own UK infrastructure at analytics.mailbuttons.com. Plausible is cookieless, does not track individuals across sessions or sites, and produces only anonymous aggregate metrics. Its data lives entirely within our UK-residency boundary; no third-party processor is engaged for analytics.

If this changes we will update this page and, where required, present a consent banner before any non-essential cookies are set.

4. Managing the cookies we do set

Because the cookies we set are strictly necessary, blocking them via browser settings will prevent the dashboard from working. There is no opt-out for session cookies; you may instead sign out, which clears them, or close the session by deleting the mailbuttons_session cookie in your browser.

5. Sub-processors and external requests

The dashboard and marketing site load assets from our own infrastructure. Where the site is served via Cloudflare for DNS and edge protection, Cloudflare may set its own cookies for security purposes (e.g. __cf_bm bot management); these are also strictly necessary under PECR. No customer email content or audit-log content is transmitted to Cloudflare. See our Privacy Policy and sub-processor list for the full picture.

6. Updates to this policy

We update this page when our use of cookies materially changes. Material changes are recorded in this document's git history; the "Last updated" date reflects the most recent substantive revision.

7. Contact

Email: privacy@mailbuttons.com
Data Protection Officer: dpo@mailbuttons.com
Postal address: Code Cutter Limited (trading as Mailbuttons), Unit 96 The Maltings Business Centre, Stanstead Abbotts, Ware, Herts, SG12 8HG, United Kingdom