CodeB Identity Solutions
Home  /  Privacy Manifesto
An engineering principle, not a marketing slogan

A site that does not watch you.

Most B2B vendor websites quietly load a dozen third-party scripts before the page has finished rendering — Google Analytics, Meta Pixel, LinkedIn Insight Tag, Hotjar session recordings, an A/B-test SDK, a chat widget, a retargeting tag or two. The consent banner that appears in front of the content is the price of admission. We decided not to do that. www.codeb.io is hosted in the EU and carries no tracking cookies and no third-party analytics tools. This page is the engineering reasoning behind that choice.

What is not on this site

We list these by name so you can verify it in any browser developer-tools network tab. www.codeb.io does not load and does not contain:

  • No Google Analytics, GA4, Google Tag Manager or Universal Analytics.
  • No Meta Pixel (Facebook), no LinkedIn Insight Tag, no TikTok Pixel, no X/Twitter conversion tag.
  • No Hotjar, Mouseflow, Smartlook, FullStory or any other session-replay tool.
  • No A/B-test or experimentation SDK (no Optimizely, no Google Optimize, no VWO).
  • No third-party chat widget (no Intercom, Drift, HubSpot Chat, Zendesk Chat or similar).
  • No HubSpot, Marketo, Pardot, ActiveCampaign or other marketing-automation script.
  • No retargeting pixels, no advertising-network tags, no programmatic ad SDK.
  • No browser-fingerprinting or canvas-fingerprinting library.
  • No CDN-side scripted edge-worker that mutates the page based on visitor profile.
  • No "essential" tracking that pretends not to be tracking.

Consequently, this site sets no cookies of its own and does not require a consent banner. There is nothing to consent to. You arrive on the page and the page is just text, vector icons and a small amount of CSS and JavaScript that lives on our server.

What this site does load — the honest list

We are not interested in claiming purity we cannot prove. Here is everything the browser fetches when you open a page on www.codeb.io:

  • HTML, CSS and a small script.js — served from our own EU-hosted infrastructure, with no telemetry built into them.
  • Web fonts from Google Fonts (fonts.googleapis.com and fonts.gstatic.com). We use the Raleway display font and IBM Plex Mono for typography. Google Fonts is a third-party domain — loading those fonts discloses your IP address to Google. The CDN does not set cookies, does not run JavaScript, and Google publicly states that font-request data is not used for advertising or profiling. We disclose this in the privacy policy under Art. 6(1)(f) GDPR. If you would rather not connect to Google Fonts, the typography degrades gracefully to your operating-system fonts.
  • YouTube video embeds — only when you click play. A demo and a customer-case video are embedded on the products and industries pages. We use the youtube-nocookie.com privacy-enhanced domain, and the video does not load until you actively press the play button. Until you click, no request is made to YouTube and no cookie can be set.
  • Nothing else. No external counters, no third-party JavaScript SDKs, no remote configuration calls.

Why the engineering team chose this

CodeB is a Windows logon product that runs entirely on the customer’s own infrastructure. It is designed to operate without a cloud connection. It does not phone home with usage data, machine inventories or token statistics. The customers who buy it — hospitals, manufacturers, regulated offices — are buying that property as a feature, not an accident.

It would be incoherent for the product’s own marketing site to do the opposite. A vendor that loads twenty trackers on its homepage is teaching its prospects that tracking is normal. We do not want to be that vendor. The same principle that keeps telemetry out of the credential provider keeps Google Analytics out of the homepage.

There is a practical bonus: GDPR compliance is dramatically simpler when there is nothing to consent to. We do not need a banner. We do not need a consent-management platform. We do not need to chase down the fourteen third-party processors that a typical SaaS marketing stack drags in. The privacy policy is shorter because the site does less.

What we give up by doing this

This is the part nobody else writes. Going analytics-free has real costs and you should know what we are paying:

  • We do not know which pages you visited. We do not know how long you stayed. We cannot run A/B tests on copy.
  • We cannot retarget you on LinkedIn or Google after you leave. Our paid-search campaigns (when we run them) cannot measure conversion at the page level.
  • We cannot tell whether a particular blog post or comparison table is performing well. We will read the form submissions and the emails, and that is our entire feedback loop.
  • If you fill in the contact form, the resulting email contains exactly what you typed, plus the timestamp and the IP the form was submitted from (for abuse control). Nothing more.

We are comfortable with that trade. If you want to give us feedback on the site, the most reliable channel is to write to info@codeb.io and tell us — a human reads every message.

Where to read the legal version

This page is the principle. The legally binding statement of how we handle personal data is in the privacy policy: controller identity, legal bases under Art. 6 GDPR, retention, transfers, data-subject rights and the complaint route to a supervisory authority.

Last reviewed: 22 May 2026.