What Dnomia stores and why
This policy explains what cookies and similar technologies Dnomia uses, their purposes, and how you can control them.
Last updated: February 2026
1. What Are Cookies
Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work more efficiently and to provide information to site owners.
Dnomia uses first-party cookies and browser storage (localStorage) to support core tracking functionality such as visitor identification, session management, and consent state persistence. We do not set any third-party tracking cookies.
2. Cookies We Set
The following cookies are set by the Dnomia SDK when installed on a website. All are first-party cookies stored under the customer's own domain.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| _dnomia_id | Visitor identification for attribution and conversion tracking | 90 days | First-party, essential for service |
| _dnomia_consent | Stores user consent preference (granted/denied/pending) | 90 days | First-party, essential |
| _dnomia_session | Session tracking for pageview grouping | Session | First-party, essential |
3. Advertising Platform Cookies
The following cookies and URL parameters are created by advertising platforms, not by Dnomia. Dnomia reads these values to support click attribution and conversion tracking. They are only accessed after the user has granted full consent.
| Cookie / Parameter | Source | Purpose |
|---|---|---|
| _gcl_aw (gclid) | Google Ads | Click attribution |
| _ga / _ga_* | Google Analytics | GA4 client ID and session data |
| _fbp | Meta / Facebook | Browser identification |
| _fbc | Meta / Facebook | Click attribution |
| msclkid | Microsoft Ads | Click attribution |
| ttclid | TikTok | Click attribution |
| _ttp | TikTok Pixel | Pixel identification |
| _epik | Pinterest Tag | Click attribution |
| __kla_id | Klaviyo | Subscriber identification |
These are read-only. Dnomia reads existing cookies set by advertising platforms but does not create or modify them. Access occurs only when the user has granted full consent.
4. Cookie Consent
The default consent state is "pending". In this state, no cookies are set, no events are sent to the server, and no data is stored. Tracking only begins after the user explicitly grants consent.
The respectDNT (Do Not Track) setting is enabled by default. When a visitor's browser sends the DNT signal, the SDK enters silent mode regardless of consent state.
Consent Levels
Full
All tracking enabled. Events are sent, cookies are set, advertising platform cookies are read for attribution.
Analytics Only
Basic pageview and session tracking. No advertising platform cookies are accessed.
Denied
No tracking, no cookies, no data collection. Equivalent to opt-out.
CMP Integrations
Dnomia integrates with 7+ Consent Management Platforms to automatically detect and respect user consent preferences:
Cookiebot, OneTrust, Usercentrics, Iubenda, Mobildev, Efilli, IAB TCF 2.2+
5. Server-Set Cookies
Dnomia supports multiple tracking domain configurations that affect how cookies are set and their effective lifetime.
Reverse Proxy
The cookie is set from the customer's own infrastructure (Nginx, Vercel rewrites, Cloudflare Worker). This provides the strongest first-party legitimacy and bypasses all ITP restrictions. Recommended for privacy-sensitive deployments.
CNAME
A DNS-level subdomain delegation (e.g. track.example.com pointing to scout.dnomia.app). Easy setup with no server configuration required. Works on all platforms with DNS access.
Default (Client-Side)
If no server-side method is configured, the SDK sets cookies via JavaScript. Safari ITP limits client-side cookies to 7 days. Returning visitors after 7 days are counted as new.
Regulatory Notice (CNAME)
CNIL (the French data protection authority) has issued guidance on CNAME-based tracking. When using CNAME delegation, ensure your privacy policy clearly discloses this practice and that valid user consent is obtained before any tracking occurs. This applies to all jurisdictions that reference CNIL guidelines.
6. Browser Storage
In addition to cookies, the Dnomia SDK uses localStorage and sessionStorage for non-cookie persistence. All keys are prefixed with _dnomia_. This includes:
Session count, last activity timestamp, visitor ID, click ID parameters (gclid, fbclid, etc.), consent state, and queued events.
Browser storage is cleared when consent is withdrawn or when the forget command is executed.
7. Cookieless Analytics Mode
When consent is denied or pending, Dnomia can operate in cookieless mode via the /v1/ping endpoint. This mode:
- Sets no cookies
- Uses no browser storage
- Collects no personal identifiers
- Sends only aggregate page view data (page path, referrer domain, device type, page title)
This mode is suitable for websites that want basic analytics without requiring cookie consent.
8. How to Manage Cookies
If the website uses a Consent Management Platform (CMP), you can update your cookie preferences at any time through the consent banner or settings panel provided by the CMP.
You can also manage cookies through your browser settings. Most browsers allow you to block or delete cookies, view stored cookies, and set per-site preferences. Refer to your browser's help documentation for specific instructions.
Disabling cookies may affect tracking accuracy. Without cookies, returning visitors cannot be recognized across sessions, and attribution data may be incomplete.
9. Contact
For questions about this cookie policy or how Dnomia handles cookies, contact us at:
DNOMIA Bilgi Teknolojileri Tic. Ltd. Sti.
support@dnomia.com