You've clicked "Reject All" so many times this year that the act is muscle memory. By now you've figured out those banners aren't really a consent mechanism. They exist because the site behind them is quietly handing your data to Google Analytics, Meta Pixel, and whichever OneTrust-configured vendor list the marketing team wired up.
I'm not running any of it. The marketing site is static HTML. For traffic counts I use Plausible, which is cookieless.
There are two cookies across Gingerbread, and both only appear once you've logged into something. Here they are in full:
gingerbread_session on gingerbreadapp.com: Set when you log into your client account. Keeps you signed in so you can view your orders, invoices, and project updates without re-entering your password on every click.
gingerbread_session on app.gingerbreadapp.com: Set when you log into the app itself. Keeps you signed in so you don't re-enter your password every time you click something inside the app.
Both count as "strictly necessary" under Article 5(3) of the EU ePrivacy Directive, which is the clause every legitimate cookie banner is based on. It reads:
"This shall not prevent any technical storage or access for the sole purpose of carrying out the transmission of a communication over an electronic communications network, or as strictly necessary in order for the provider of an information society service explicitly requested by the subscriber or user to provide the service."
- Directive 2002/58/EC, Article 5(3), as amended by 2009/136/EC
Banners disclose tracking. I'm not tracking, so there's nothing to disclose. That's the whole trick.
P.S. If a competitor tells you their banner is "required by law," ask which law. It's the ePrivacy Directive, and it's triggered by the tracking, not the page.
- Bruno