Eleven11 uses only first-party essential cookies — login state, CSRF tokens, locale preferences. We don't use advertising cookies, cross-site tracking cookies, or third-party analytics cookies. When we add analytics, we'll use self-hosted Plausible (cookieless, first-party, no third-party data sharing).

We set only the cookies necessary to run the products you’ve logged into. We don’t set any cookies before you take an action that requires them. There are three categories:

• Session cookies— keep you logged in while you use an Eleven11 product. These expire when you close your browser or when the server-side session is invalidated (whichever comes first). Without them, you’d have to authenticate on every page load.
• CSRF tokens — protect against cross-site request forgery on form submissions. Every form that changes state (login, settings, publish, delete) checks this token before acting. These are short-lived and tied to your session.
• Locale and preference cookies— remember your language and theme choices across visits. These persist so you don’t have to re-set preferences every time. They contain no personal information — just tokens like en or dark.

None of these cookies are shared with third parties. None of them leave Eleven11’s own infrastructure.

We don’t set:

• Advertising cookies
• Cross-site tracking cookies
• Third-party analytics cookies
• Fingerprinting scripts
• Meta Pixel
• Google Analytics
• Hotjar or similar session-recording tools

If you see something on an Eleven11 surface that looks like third-party tracking, write to [email protected] — that’s a bug, not a feature.

When we add analytics, we’ll use Plausible Analytics, self-hosted on our own EU-DE infrastructure. Plausible is cookieless: instead of dropping a tracking cookie, it builds an anonymous daily fingerprint from a hash of your IP address, browser user agent, and the current date. That fingerprint rotates every 24 hours — it can’t be used to track you across days, across sites, or across sessions.

We haven’t deployed Plausible yet. Right now, the only traffic data we have is what our reverse proxy (Cloudflare) and our application logs collect — no third-party SaaS, no advertising attribution, no cross-site profile.

When Plausible activates, the script will load from analytics.eleven11.pro/js/script.js— a hostname we operate directly. You’ll be able to block it with an ad blocker or by disabling JavaScript without breaking anything on an Eleven11 product. We won’t gate features behind analytics consent, and we won’t pop a cookie banner because we won’t need one. This page is the single update point on activation.

This page is the single update point if our cookie posture ever changes. We commit to keeping it accurate: the list of cookies above reflects what we actually set today, not what we might set in future.

If we ever add a cookie that isn’t essential — for example, if we introduce an optional product feature that requires one — we will update this page on the day the change goes live, and notify account holders at their registered email before the change takes effect, using the same mechanism as for Privacy and Terms updates.

We won’t add advertising or cross-site tracking cookies. That’s not a policy hedge — it’s a product direction.

Questions about cookies or our analytics setup? Write to [email protected]. For anything else, [email protected] reaches a person.