Cookie Policy

Cookie consent and disclosure requirements under the Norwegian ePrivacy Act and the EU Cookie Directive are enforceable obligations with real penalty risk. The Norwegian Data Protection Authority (Datatilsynet) has issued fines for non-compliant cookie practices, and the sales website is a public-facing marketing property that is more likely to be audited than internal tooling. Beyond compliance, a transparent Cookie Policy builds trust with the non-profit and public-sector organizations that Meander targets - audiences that are increasingly privacy-aware and may scrutinize cookie usage as part of their vendor evaluation. Proper consent management also ensures that analytics data is legally collected, making it reliable for marketing and product decisions.

The page is a static Next.js route at `/cookie-policy`. It must list every cookie set by the site at the time of publication, including cookies set by third-party scripts such as analytics providers, live chat widgets, or booking tools. The cookie consent banner (e.g. implemented via a consent management platform such as Cookiebot or a lightweight custom solution) must link to this page and block non-essential cookies until consent is given. The Cookie Policy must be regenerated or reviewed whenever new third-party scripts are added to the site. Consider automating cookie scanning as part of the CI pipeline or deployment checklist. The page must be linked from the footer and from the cookie consent banner itself. Strictly necessary cookies (session management, CSRF) do not require consent but must still be disclosed.