Cookies
This English version is a convenience translation; the Czech version prevails in case of any discrepancy.
This page describes the cookies and similar technologies that are or may be used on the danito.cz website and in the app.danito.cz application. The handling of personal data is governed by a separate privacy policy.
What cookies are
Cookies are small text files that a website stores in the user’s browser. Among other things, they serve to store preferences, to run the login session, or to measure traffic anonymously. First-party cookies are set by the domain the user visited directly; third-party cookies are set by foreign domains embedded in the page (e.g. advertising systems) — the Danito service uses no third-party cookies.
Consent and its withdrawal
On the first visit, a cookie consent banner is shown. Consent is divided into two categories:
- Essential — always active; without them the website cannot function (storing the consent itself, the login session, protection against CSRF attacks).
- Anonymous analytics — optional, off by default; if the user enables it, the website measures anonymous traffic statistics using the self-hosted Umami tool in the EU.
The choice can be changed at any time via the “Cookie settings” button in the page footer. The setting applies separately to each domain (danito.cz and app.danito.cz), because cookies are separated per domain within the browser. Consent is stored locally in the cookieconsent-v1 cookie for the given domain, valid for 365 days.
List of cookies
The following table lists all cookies that the Danito service sets in the MVP. When a new feature that would store another cookie is introduced, this table is updated within the same release (see docs/legal.md).
| Name | Domain | Purpose | Validity | Type |
|---|---|---|---|---|
cookieconsent-v1 | danito.cz | Stores your cookie consent for the marketing pages; set by Klaro | 365 days | First-party, essential |
cookieconsent-v1 | app.danito.cz | Stores your cookie consent for the application; independent of danito.cz; set by Klaro | 365 days | First-party, essential |
JSESSIONID | app.danito.cz | Login session to the service (Spring Session, JDBC store) | Up to 30 days (until logout) | First-party, essential |
XSRF-TOKEN | app.danito.cz | Protection against CSRF attacks (Spring Security) | Browser lifetime (session) | First-party, essential |
| no analytics cookies | n/a | Umami analytics uses no identifiers or cookies | n/a | n/a (anonymous aggregate on the server) |
The cookieconsent-v1 cookie is set with the attributes Path=/, SameSite=Lax, and Secure (on HTTPS). The JSESSIONID cookie has the attributes HttpOnly, SameSite=Lax, and Secure (on HTTPS); its lifetime is renewed on each user activity up to a limit of 30 days of inactivity.
Per-domain consent mode
Cookies are separated per domain by the browser. Consent granted on danito.cz therefore does not automatically apply to app.danito.cz and vice versa — this is a GDPR-compliant consequence of each domain having its own cookie store. On the first visit to each of the two domains, the consent banner is shown separately.
No analytics cookies
If the user enables the optional “Anonymous analytics” category, the website measures aggregated statistical data using the self-hosted Umami tool. In the Danito configuration, Umami uses no cookies or user identifiers: anonymous hashes are stored only short-term on the server and are rotated daily, so individual visits cannot be linked. No analytics cookie is stored in the browser.
Third parties
The Danito service uses no third-party cookies — no advertising pixels, no social-network buttons loaded from foreign domains, no third-party CDNs. All analytics and availability monitoring run on the operator’s infrastructure (see the privacy policy, section “Recipients and processors”).
Changes to this document
If another cookie is added to the service (for example when introducing paid tariffs and the related payment processor), this page will be updated within the same release and a substantial change will be announced on the main changelog page (/en/zmeny).