Cookie Policy

Last updated: 17 May 2026

1. About this policy

This Cookie Policy explains how SecForm ("we", "us", "our") uses cookies and similar technologies (collectively, "cookies") on secform.fr, on any public form we host, and in our administrator dashboard. It is a complement to our Privacy & Data Protection Policy and our Terms & Conditions.

Our use of cookies complies with the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR"), the ePrivacy Directive (2002/58/EC), and the guidelines of the French data protection authority (CNIL) on cookies and trackers.

2. What is a cookie?

A cookie is a small text file stored on your device when you visit a website. We also use equivalent technologies such as local storage, session storage, and pixel tags. References to "cookies" in this policy cover all of these technologies.

3. Categories of cookies we use

Strictly necessary cookies

Required for the website to function — authentication, security, fraud prevention, CSRF protection, and load balancing. They cannot be turned off and do not require consent under Article 82 of the French Data Protection Act.

Functional cookies

Remember choices you make (such as language or form progress) to give you a better experience. Where these cookies are strictly necessary for a service you explicitly request — for example saving your place in a multi-step form — they are exempted from consent under CNIL guidance. Otherwise we ask for your consent.

Analytics cookies

We do not use Google Analytics or other consent-requiring analytics tools by default. We measure aggregate product usage with server-side, privacy-preserving analytics that do not set cookies on your device and do not allow re-identification of individual visitors. If a customer chooses to enable a third-party analytics tool on their own form, a consent banner will be displayed before any such cookie is set.

Advertising / cross-site tracking cookies

We do not use advertising cookies and we do not allow third parties to set cross-site tracking cookies on SecForm.

4. Cookies we set

The table below lists the cookies that may be set when you use the SecForm website, public forms, or the dashboard. Cookies marked "Strictly necessary" are set without consent, in accordance with Article 82 of the French Data Protection Act and CNIL guidance; all other cookies are set only after you have consented through our cookie banner.

Name | Provider | Purpose | Type | Duration
sb-access-token | secform.fr | Keeps an authenticated administrator signed in to the SecForm dashboard. | Strictly necessary | 1 hour (refreshed on activity)
sb-refresh-token | secform.fr | Allows the dashboard session to be refreshed without re-entering credentials. | Strictly necessary | Up to 30 days
sf_csrf | secform.fr | Protects form submissions against cross-site request forgery. | Strictly necessary | Session
sf_form_session | secform.fr | Stores form progress (e.g. step number, draft answers) so applicants can complete a form without losing input. | Functional | 24 hours
sf_locale | secform.fr | Remembers the language you selected on a public form. | Functional | 1 year
cf_clearance / __cf_bm | Cloudflare | Distinguishes humans from bots and protects against abuse and DDoS attacks. Set on the network edge. | Strictly necessary | Up to 30 minutes
cf-turnstile-* | Cloudflare Turnstile | Privacy-friendly CAPTCHA used in place of Google reCAPTCHA to prevent automated submissions. | Strictly necessary | Session

5. Legal bases

  • Strictly necessary cookies are set on the basis of Article 82(II) of the French Data Protection Act, which exempts cookies that are strictly necessary for the provision of an electronic communication service expressly requested by the user.
  • Functional and analytics cookies, where used, rely on your consent (Art. 6(1)(a) GDPR and Art. 82 of the French Data Protection Act).

6. How to manage your consent

When non-essential cookies are used, a consent banner appears on your first visit. You can:

  • Accept all, reject all, or fine-tune your choices by category — refusing is as easy as accepting, in line with CNIL guidance.
  • Change or withdraw your consent at any time by clicking the "Cookie settings" link in the website footer. Consent decisions are stored for a maximum of six (6) months, after which we ask again.
  • Refusing non-essential cookies will not prevent you from using the core functionality of SecForm.

7. Browser-level controls

You can also manage cookies in your browser settings — block all cookies, delete existing cookies, or be notified before a cookie is set. Note that blocking strictly necessary cookies will prevent the dashboard and forms from working correctly.

8. Third-party services

Where strictly-necessary third parties (such as our CDN and anti-bot provider, Cloudflare) set cookies on our behalf, they act as data processors and are bound by written agreements meeting Article 28 GDPR. Cloudflare data centers serving the European region operate from the EU. A current list of sub-processors is available on request at dpo@secform.fr.

9. Your rights

Cookies may involve the processing of personal data. You can exercise your data subject rights (access, rectification, erasure, restriction, portability, objection, withdrawal of consent) as set out in our Privacy & Data Protection Policy by writing to privacy@secform.fr. You also have the right to lodge a complaint with the CNIL (cnil.fr).

10. Changes to this policy

We may update this Cookie Policy from time to time to reflect new cookies, changes in the law, or changes in our practices. The "Last updated" date at the top of this page reflects the latest revision. Material changes will be notified by email or in-product notice.

11. Contact

Questions about this Cookie Policy can be sent to privacy@secform.fr or to our Data Protection Officer at dpo@secform.fr.