What about cookies?

I am using ghost with the caspar theme. As I live in germany I need to have some kind of cookie policy in order to prevent legal issues.
I am pretty novice in terms of using ghost but I’m making my way.
My questions are:
Does ghost set any cookies besides the cookies necessary for admin/author/owner-login?
If so, how do I prevent ghost from doing so and what are those cookies?
Is there any plugin, code snippet that let’s me simply deal with cookie op-in/out?

I found [https://cookieconsent.osano.com/] and I’m able to implement the simplest version of it in my default.hbs BUT as a fact I have to use an opt-in or opt-out option and it is far beyond my skillset to do so. At [https://cookieconsent.osano.com/documentation/disabling-cookies/] there’s some code for opt-in/out but I do not understand how to figure out what I have to write into the
// enable and // disable cookies lines.
If someone has any hint or explanation how I could handle my problem I’d be more than happy.

Cheers

3 Likes

Hey! Neither Ghost(Pro) or Ghost itself store any user data unless given voluntarily. Further reading can be done on our FAQs:

I’ve found an article online on how to add a simple Cookie Consent banner to your site, ignore the references to the Raspberry Pi as this is just how they installed their version of Ghost

4 Likes

Further to the above, Ghost itself will not set any cookies for your general visitors. The two times cookies are used are when logging in to the admin area, and if you have your site set to private mode where it’s necessary to type a password to view the site. In both instances these are session cookies and do not contain user information, the private mode cookie is also not tied to any particular user.

7 Likes

@Kevin is it correct to state that ghost is cookie less, unless you set up a membership? is there some sort of template to copy and customize. Or does the text coming with the default installation cover also the membership? (I guess not)

Wondering how Ghost fares when it comes to privacy and GDPR rules? Good news: Ghost does not use any tracking cookies of any kind.

You can integrate any products, services, ads or integrations with Ghost yourself if you want to, but it’s always a good idea to disclose how subscriber data will be used by putting together a privacy page.

Ghost itself only uses cookies for member logins and private site mode.

However, there are limitless ways for cookies to end up being used. It can be dependent on how you are hosting (CDNs can add cookies), what analytics packages you are running, any third party scripts or services your theme or site content is using, whether you embed content from external sites, and so on.

You should always analyse your own site and put in place anything necessary to comply with any relevant regulations. There’s no template to copy because it’s very much dependent on your specific usage, audience, and jurisdictions.