Musaium operates under the strictly-necessary exemption of ePrivacy Directive Article 5(3): we only set cookies that are technically required to deliver the service the user explicitly requested. No tracking cookies, no behavioural analytics, no advertising identifiers, no Session Replay.
Because every cookie below is strictly necessary, prior consent is not required (ePrivacy Article 5(3), recital 25; CNIL guidance on consent exemptions).
You will not see a cookie banner on musaium.com because we have nothing for which we would need to ask consent.
Cookies we set
| Cookie name | Purpose | Duration | Scope |
|---|---|---|---|
| admin-authz | Admin panel authentication (JWT carrier, HttpOnly). | 15 minutes (rotated via refresh token). | /admin only. |
| csrf_token | Cross-site request forgery protection for admin write actions. | Session. | /admin only. |
| connect.sid | Backend session identifier used for authenticated API calls from the marketing site. | Session. | Backend API origin only. |
Questions about cookies? Contact tim.moyence@gmail.com. We will respond within 30 days.