$ dfa.machine
Legal · Policy 04

Cookie Policy

Last updated 28 May 2026. What cookies dfamachine.com sets, why, how long they last, and how you can switch them off.

1. What cookies are

Cookies are small text files placed on your device when you visit a website. They let the site remember your actions and preferences (sign-in, language, display options) over a period of time, so you don't have to re-enter them each time you come back. We also use related technologies such as local storage, session storage and pixel tags; references to "cookies" in this policy cover those technologies too.

2. Categories we use

  • Strictly necessary — required to deliver the service you have requested (load balancing, CSRF protection, authentication, payment processing). These cannot be switched off in our systems.
  • Functional — remember preferences such as locale, theme, and previously viewed quotes. Disabling them will not break the site but may degrade your experience.
  • Analytics — Plausible Analytics, run cookieless on the EU. We only see aggregate page views, referrers and country. No personal profile is built.
  • Marketing — only set if you explicitly opt in via our consent banner. Currently we do not run any third-party advertising pixels.

3. Cookies we set

  • dfam_session — strictly necessary, session, first-party, used to keep you signed in to the customer portal.
  • dfam_csrf — strictly necessary, session, first-party, anti-forgery token on forms.
  • dfam_consent — functional, 12 months, first-party, stores your consent choices so we don't ask again.
  • dfam_locale — functional, 12 months, first-party, remembers your language / currency choice.

Third-party cookies are only loaded after consent: Stripe (payment flow) and Cloudflare Turnstile (bot mitigation on forms). Neither is used for advertising.

4. Legal basis

Strictly necessary cookies are placed under the "communication is necessary" exemption (Regulation 6(4) PECR; Article 5(3) EU ePrivacy Directive). All other cookies are placed only with your prior, freely given, specific and informed consent, which you may withdraw at any time.

5. Managing your choices

You can change or withdraw consent any time using the "Cookie settings" link in our footer. You can also block or delete cookies via your browser settings — see aboutcookies.org for browser-specific instructions. Note that disabling strictly necessary cookies will prevent the site from working.

6. Do Not Track & Global Privacy Control

Our consent layer honours the Global Privacy Control (GPC) signal as a valid opt-out of non-essential cookies. Browser "Do Not Track" headers are interpreted as a signal of intent and treated the same way.

7. Changes

We review this policy at least every 12 months and whenever we add, remove or materially change a cookie. Material changes are surfaced via a refreshed consent banner.

8. Contact

Cookie questions: contact@dfamachine.com.