CSURFACE CSURFACE THREAT SENSOR
  • Home
  • Analytics
  • News
  • About
  • Tools
    • Constellation
  • Libraries
    • CWE
    • CAPEC
    • MITRE ATT&CK
    • MITRE D3FEND
    • OWASP Top 10
    • Ransomware Groups
    • References
  • Support
  • EN | PT
TEMPLATE — Review with legal counsel before production

Cookie Policy

Effective date: April 2026

1.What are cookies

Cookies are small text files that a website stores in the user's browser during their visit. They contain information that allows the site to recognize the browser on subsequent visits, keep you authenticated, remember your preferences, or provide specific functionalities.

There are different categories of cookies according to their purpose: essential (necessary for site operation), functional (improve experience), security (protect against attacks), analytics (collect usage statistics), and advertising (track the user for targeted ads).

Cookies can also be classified as session (deleted when the browser is closed) or persistent (remain stored for a determined period), and as first-party (set by the site you are visiting) or third-party (set by other domains, usually for cross-site tracking).

In this policy, we explain exactly which cookies the CSURFACE Threat Sensor Platform uses, their purpose, how long they remain stored, and how you can control them.

2.Cookies we use

CSURFACE Threat Sensor uses a minimal set of strictly necessary cookies for Platform operation. All cookies listed below are set directly by the threatsensor.csurface.io domain (first-party cookies) and are not shared with third parties.

Name Category Purpose Duration
session Essential Keeps you authenticated on the Platform after login. Contains an opaque session identifier, stored encrypted on the server. It is marked as HttpOnly and Secure to prevent access via JavaScript and transmission over non-secure HTTP. Session or up to 24 hours
lang / language Functional Stores your language preference (en or pt-BR) so that the Platform is displayed in the chosen language on subsequent visits, even without login. 1 year
csrf_token Security Anti-CSRF (Cross-Site Request Forgery) token used to protect forms and modification requests against cross-origin request forgery attacks. It is regenerated on each session. Session

Technical notes

  • All listed cookies are marked with the Secure attribute, ensuring they are only transmitted over HTTPS connections;
  • The session cookie is marked as HttpOnly, preventing access via client-side JavaScript and mitigating XSS risks;
  • All cookies use the SameSite=Lax or SameSite=Strict attribute to prevent cross-site attacks;
  • We do not use cookies for cross-domain tracking or linking to third-party identities.

3.What we do NOT do

We do not use third-party tracking, advertising, or analytics cookies.

We value your privacy and, for this reason, the CSURFACE Threat Sensor Platform does not use:

  • Google Analytics, Matomo, Plausible or any other traffic analysis service based on third-party cookies;
  • Google Ads, Facebook Pixel, LinkedIn Insight Tag or any targeted advertising or remarketing service;
  • Cross-site tracking cookies to build behavioral profiles;
  • Third-party cookies injected by social widgets (share buttons, likes, etc.);
  • Browser fingerprinting or similar cookie-less identification techniques;
  • Web beacons, tracking pixels or other opaque telemetry mechanisms;
  • Cookie sharing with data brokers, advertising networks, or third-party entities.

We only collect aggregated usage metrics on the server side, based on application logs, and only for operational and service improvement purposes, as described in our Privacy Policy.

4.How to disable cookies

You have full control over the cookies stored in your browser. You can view, block, or delete them through your browser settings. However, disabling essential cookies may prevent the Platform from functioning correctly, specifically the ability to log in and maintain active sessions.

Consult your browser's official documentation for instructions on how to manage cookies:

  • Google Chrome: support.google.com/chrome/answer/95647
  • Mozilla Firefox: support.mozilla.org (cookies)
  • Apple Safari: support.apple.com/safari (manage cookies)
  • Microsoft Edge: support.microsoft.com/edge (delete cookies)
  • Brave: support.brave.com (cookies)

Most browsers also allow you to:

  • View which cookies are stored and delete specific cookies;
  • Block third-party cookies while allowing first-party cookies;
  • Enable private/incognito browsing mode, which generally prevents cookie storage after window closure;
  • Configure the browser to request your approval before accepting each cookie;
  • Enable options such as "Do Not Track" or "Global Privacy Control".

If you choose to disable all cookies, you can still access the public content of the Platform, but you will not be able to log in, save language preferences, or use features that require authentication.

To clear specific CSURFACE Threat Sensor cookies without affecting cookies from other sites, use your browser's "Manage site cookies" feature and look for the domain threatsensor.csurface.io.

5.Changes and Contact

This Cookie Policy may be updated periodically to reflect changes in the cookies we use or legal requirements. Whenever material changes are made, the effective date at the top of this page will be updated.

For questions related to this Cookie Policy, contact [email protected].

For more information about how CSURFACE processes your personal data in general, see our Privacy Policy and our Terms of Service.

Effective date: April 2026

CSURFACE Threat Sensor — A CSURFACE project

Terms · Privacy · Cookies