Last Updated: March 12, 2026 — Version 2.0
This Cookie Policy explains how CounterSign and its infrastructure partners use cookies and similar technologies, and what data is collected in connection with the use of our platform.
This Cookie Policy applies to the CounterSign web application and all associated services accessible via cs.c2cz.com and any successor domains (the "Service"). It should be read in conjunction with our Terms of Service and our GDPR & Privacy Policy, which together form the complete legal framework governing your use of the Service.
This Cookie Policy describes: (a) the cookies and similar technologies set and used directly by CounterSign; (b) the data collected by CounterSign's infrastructure and service partners in connection with your use of the Service; and (c) your rights and options with respect to cookies and data collection. We are committed to transparency about data collection and processing, including with respect to technologies and practices that fall outside our direct control.
Cookies are small text files placed on your device (computer, tablet, smartphone, or other connected device) when you visit a website. They are widely used to make websites function, to improve their efficiency, and to provide reporting information. Cookies allow a website to recognize your device and remember information about your visit.
"Similar technologies" include web beacons, pixel tags, local storage objects, session storage, and other persistent or session-based tracking technologies that function similarly to cookies. This Policy applies to all such technologies to the extent they are used in connection with the Service.
CounterSign sets a minimal number of cookies that are strictly necessary for the Service to function. We do not set advertising, marketing, or cross-site tracking cookies.
| Cookie Name | Purpose | Duration | Legal Basis |
|---|---|---|---|
| countersign_token | Authentication session management. Identifies your authenticated session and maintains your logged-in state. | 30 days | Strictly necessary — contract performance (GDPR Art. 6(1)(b)) |
Security properties of the countersign_token cookie:
In addition to cookies, CounterSign collects and retains Internet Protocol (IP) address data and precise timestamps associated with each request made to the Service. This data collection is not optional and is fundamental to the Service's core functionality.
Why we collect IP addresses and timestamps: The Service's primary purpose is to provide an immutable, timestamped, cryptographically verifiable record of User acknowledgment of published legal terms. The IP address and timestamp associated with each access event constitute part of the evidentiary record that forms the basis of the constructive notice function. This data provides technical proof of who accessed the Service, when they accessed it, and from where — information that may be material in legal proceedings where the enforceability of a User's published terms is at issue.
What we collect:
IP and timestamp data is retained for a period consistent with the Service's evidentiary purpose and applicable legal requirements. Full details of retention periods and your rights regarding this data are set out in our GDPR & Privacy Policy. The legal basis for this processing under GDPR is contract performance (Article 6(1)(b)) and the legitimate interests of the Operator and Users in maintaining the evidentiary integrity of the platform (Article 6(1)(f)).
The Service relies on a number of third-party infrastructure and service providers, each of which may independently collect data about your use of the Service. The Operator has no ability to control, prevent, or audit the data collection practices of these third parties, which are governed exclusively by each provider's own privacy policies and terms of service. We disclose these third-party data collection activities in the interest of full transparency, even where they are beyond our control.
All network traffic to and from the Service passes through Cloudflare's global content delivery and edge computing network. Cloudflare is the Service's infrastructure provider and processes all HTTP requests on the Service's behalf. In the course of providing its services, Cloudflare independently collects data including IP addresses, request metadata, performance metrics, security event data, and potentially other network-level telemetry. This data collection is performed by Cloudflare for its own operational, security, and product improvement purposes, in addition to providing the contracted services to the Operator.
The Operator deeply regrets that it does not have the technical means to prevent Cloudflare from collecting data as part of its network-level operations. The use of Cloudflare is a fundamental architectural dependency of the Service and cannot be removed without rebuilding the platform entirely. Cloudflare's data collection is governed by Cloudflare's Privacy Policy, which is available directly from Cloudflare and is subject to change at Cloudflare's discretion.
Provider: Cloudflare, Inc. | Jurisdiction: United States | Data processing: network level, independent of Operator control
The Service loads typography resources (specifically, the Merriweather and Inter font families) from Google Fonts, a service operated by Google LLC (a subsidiary of Alphabet Inc.). When your browser requests these font files, your browser transmits your IP address, browser type, device information, and the referring page URL to Google's servers. Google may use this information in accordance with its own privacy practices, which are governed by Google's Privacy Policy.
The Operator acknowledges and genuinely regrets that it does not have the ability to prevent Google from collecting the request data that is transmitted when fonts are loaded. While alternative solutions (such as self-hosted fonts) exist, the current implementation relies on the Google Fonts CDN. The Operator has no access to, control over, or visibility into any data Google may collect, retain, or process as a result of font requests from the Service. Users concerned about Google's data collection practices may consider using a browser extension that blocks CDN requests, though this may affect the visual presentation of the Service.
Provider: Google LLC | Jurisdiction: United States | Data processing: font delivery CDN, independent of Operator control
The Service's source code is hosted and version-controlled on GitHub, a platform operated by GitHub, Inc., a wholly-owned subsidiary of Microsoft Corporation. The Operator is aware that GitHub and its parent company Microsoft publicly state that they do not independently collect personal data from end users of services merely hosted on their infrastructure. However, the Operator makes no representations or warranties regarding the accuracy, completeness, or ongoing accuracy of these statements.
Data collection practices of technology companies, including GitHub and Microsoft, can change without public notice, may involve metadata collection not publicly disclosed, and may be subject to governmental or law enforcement requests for data. The Operator has no independent means of auditing what data, if any, GitHub or Microsoft collects, retains, or processes in connection with the Service's codebase or operations. This disclosure is made out of an abundance of caution and in the interest of full transparency. The Operator does not control and is not responsible for any data processing by GitHub or Microsoft. Users who are concerned about this possibility should review GitHub's Privacy Statement and Microsoft's Privacy Policy directly. The Operator expressly disclaims responsibility for any data processing by GitHub or Microsoft.
Provider: GitHub, Inc. / Microsoft Corporation | Jurisdiction: United States | Data processing: code hosting, extent of data collection independently determined by provider
CounterSign does not set or use the following types of cookies or tracking technologies:
The foregoing list relates exclusively to technologies set by CounterSign. As noted in Section 5, certain third-party infrastructure providers may independently set cookies or collect data beyond CounterSign's control, as described above.
Under the General Data Protection Regulation (GDPR) and the ePrivacy Directive as implemented in applicable EU member state law, the Operator's use of cookies is governed as follows:
The Operator is fully cognizant of its obligations under the GDPR, the Digital Services Act (EU) 2022/2065, and other applicable data protection legislation, and is committed to processing personal data only to the extent strictly necessary for the delivery of the Service.
The Operator acknowledges its obligations under the Digital Services Act (DSA) (EU) 2022/2065 and is committed to compliance with the transparency and accountability requirements of the DSA as they apply to its platform operations. The Service does not use algorithmic content recommendation systems, does not display advertising, and does not profile Users for commercial purposes. The Operator will update this Policy as necessary to reflect any changes in DSA compliance requirements applicable to the Service.
You have the right to control cookies through your browser settings. Please be aware that disabling the countersign_token authentication cookie will prevent you from accessing your account and using the Service's authenticated features. This cookie cannot be disabled without losing access to the Service.
To manage cookies in your browser:
To limit data collection by Google Fonts, you may use a browser extension that blocks requests to external CDN domains. To limit data collection by Cloudflare, note that this is not technically possible while using the Service, as Cloudflare processes all network requests at the infrastructure level.
Under GDPR and applicable data protection law, you have the following rights with respect to data we directly collect and process:
To exercise any of these rights, please contact us at privacy@c2cz.com. We will respond to all valid requests within the timeframes required by applicable law. Note that these rights apply only to data processed directly by CounterSign and do not extend to data independently collected by third-party providers.
We may update this Cookie Policy from time to time to reflect changes in our cookie practices, changes in our infrastructure providers' practices of which we become aware, or changes in applicable law. When we update this Policy, we will revise the "Last Updated" date at the top of this page. We encourage you to review this Policy periodically. Continued use of the Service after the date of any update constitutes acceptance of the updated Policy.
For questions about this Cookie Policy or our data practices, please contact us at:
Data Protection Contact: privacy@c2cz.com
General Inquiries: info@c2cz.com