Cookie policy
Last updated: May 2026. The short version: one functional cookie for form security, plus the Tawk.to live-chat widget's cookies. No advertising, no analytics cookies, no other third-party tags.
The short answer
This site sets two categories of cookies:
- Anti-CSRF token (functional, ours) — protects form submissions from cross-site request forgery. Required for the site to work. Exempt from consent requirements under both the DPDP Act 2023 and the GDPR's "strictly necessary" carve-out.
- Tawk.to live-chat (third-party) — powers the chat bubble in the bottom-right corner. Tracks visitor sessions so a returning chat correctly resumes from where it left off. Set only after you interact with the page (we lazy-load the widget on first scroll/click). See the table below for the specific cookie names and what they hold.
We do not use:
- Advertising or remarketing cookies (Google Ads, Meta Pixel, LinkedIn Insight, etc.)
- Tracking cookies for profiling (Hotjar, Mixpanel, Segment, etc.)
- Third-party analytics cookies (Google Analytics, Adobe, etc.)
- Social-media embed cookies
For analytics we use Plausible — cookieless by design, hosted in the EU, GDPR / DPDP-friendly. (Plausible will be enabled in v1.5; not active today.)
What these cookies look like
| Name | Purpose | Type | Set by | Expiry |
|---|---|---|---|---|
| __Host-X-CSRF | Anti-CSRF token for form submissions (Request-demo, Contact, Newsletter) | Strictly necessary | This site | Session |
| TawkConnectionTime | Records when your chat session started so a refresh doesn't lose context | Functional (third-party) | tawk.to | Session |
| __tawkuuid | Anonymous visitor identifier so a returning visitor's chat correctly resumes | Functional (third-party) | tawk.to | 6 months |
Our __Host-X-CSRF cookie is HttpOnly, Secure, SameSite=Strict, and uses the __Host- prefix — scoped to this exact host, sent only over HTTPS, not readable by client-side JavaScript. Tawk.to's cookies are set by *.tawk.to when its chat-widget script loads (which we defer until your first interaction with the page).
Tawk.to's own privacy policy and DPA: tawk.to/privacy-policy.
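The attributes stated above for the __Host-X-CSRF cookie can be checked against a response's Set-Cookie header. The following is an added example, not code from this site; the header strings and the function names parse_set_cookie and audit_cookie are constructed for illustration.

```python
# Added example: audit a Set-Cookie header against the attributes the policy states.
# GOOD and WEAK are constructed sample headers, not captured from the site.

def parse_set_cookie(header):
    """Split a Set-Cookie value into (name, value, attrs); attribute names lowercased."""
    first, *rest = [p.strip() for p in header.split(";")]
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs

def audit_cookie(header):
    """Return a list of findings; an empty list means the header matches the policy."""
    name, _, attrs = parse_set_cookie(header)
    findings = []
    if name.startswith("__Host-"):
        # Browsers reject a __Host- cookie unless all three conditions hold.
        if "secure" not in attrs:
            findings.append("__Host- prefix requires Secure")
        if attrs.get("path") != "/":
            findings.append("__Host- prefix requires Path=/")
        if "domain" in attrs:
            findings.append("__Host- prefix forbids Domain")
    else:
        findings.append("missing __Host- prefix")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly")
    if attrs.get("samesite", "").lower() != "strict":
        findings.append("SameSite is not Strict")
    if "expires" in attrs or "max-age" in attrs:
        # The table lists this cookie's expiry as Session.
        findings.append("not a session cookie")
    return findings

GOOD = "__Host-X-CSRF=abc123; Path=/; Secure; HttpOnly; SameSite=Strict"
WEAK = "__Host-X-CSRF=abc123; Domain=example.test; Path=/forms; SameSite=Lax"

if __name__ == "__main__":
    for header in (GOOD, WEAK):
        print(header, "->", audit_cookie(header) or "OK")
```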
If you turn off cookies
The site will load, but forms will fail (Request-demo, Contact, Newsletter, Unsubscribe) and the live-chat bubble won't work. You can still browse content. If you want to contact us without enabling cookies, email contact@schoolconsole.net directly.
What about the School Console product?
This policy covers only www.schoolconsole.net — the marketing site. When you log in to your School Console account as a customer, parent, student, or staff member, that's a different application with its own cookie usage, documented separately in your school's data-processing agreement.
Changes
If we ever add a new cookie (advertising, analytics, third-party) we'll show a clear consent banner before it's set. The "Last updated" date above reflects the most recent change.
Contact
Questions about this policy: contact@schoolconsole.net. See also our privacy policy.