Last updated:
Plain-language summary. We use a small number of cookies. Some are strictly necessary for the site to work and don't need consent. The rest — analytics and one or two product cookies — only fire after you click "Accept" on the cookie banner. You can change your mind any time from the link at the bottom of every page.
Note. This page is a working draft pending review by external counsel before launch. The list of cookies below should match the live banner; if you spot a mismatch please email privacy@lock-me.com.
What is a cookie?
A cookie is a small text file a website asks your browser to store. We also use similar technologies (local storage, pixels, server-side identifiers); we describe them all as "cookies" on this page for short.
Categories we use
We group cookies into three buckets:
- Strictly necessary. Required for core functionality — session management, security tokens, the cookie banner itself. No consent required under the ePrivacy Directive; you cannot opt out, but you can block them in your browser, with the understanding that the site may not work properly.
- Analytics. Help us understand which pages people visit, where they get stuck, and what to fix. We use privacy-respecting analytics (no cross-site tracking, IP addresses anonymised) but it's still a non-essential cookie under EU law, so it requires consent.
- Product / functional. Remember preferences (locale, dismissed banners). Set only after consent.
The list
| Name | Category | Provider | Purpose | Lifetime |
|---|---|---|---|---|
__lm_session | Strictly necessary | LockMe (first-party) | Server-side session token for logged-in operators. | Session |
__lm_csrf | Strictly necessary | LockMe (first-party) | Cross-site request forgery protection. | Session |
lm_consent | Strictly necessary | LockMe (first-party) | Stores your cookie consent so we don't ask again. | 12 months |
lm_locale | Functional | LockMe (first-party) | Remembers your language preference. | 12 months |
_pa_* | Analytics | Plausible (EU-hosted) | Aggregated, cookie-less analytics — no personal identifiers. | n/a (cookieless) |
We do not use:
- Marketing or advertising cookies.
- Cross-site retargeting pixels.
- Third-party analytics that profile users across the web.
If we ever add anything that does, we'll update this page first and re-prompt for consent.
How to manage your preferences
- In LockMe. Click "Cookie preferences" in the footer of any page. The banner reopens; you can grant or revoke consent for each non-essential category.
- In your browser. Most browsers let you block or delete cookies in the settings — typically under "Privacy" or "Site settings".
Revoking consent doesn't delete cookies that were already set — your browser handles that. We expire our own non-essential cookies within seven days of revocation.
Do Not Track
We honour Global Privacy Control (Sec-GPC: 1) by treating it as an opt-out for non-essential cookies. We don't act on the older DNT header because it has no defined legal effect in the EU.
Children
LockMe is a B2B platform; we don't direct cookies at children.
Changes
We update this page when our cookie list changes. Material additions trigger a fresh consent prompt.
Contact
Questions about this document? Email legal@lock-me.com. This page is provided for transparency; it does not replace bespoke legal advice for your operation.