Does your website use third-party services? Get GDPR compliant in minutes.

cState

What does cState do?

Open source Hugo theme that generates a static incident and uptime status page from Markdown files. No backend, no cookies, no third party JavaScript by default. Maintained by the open source community.

What cState is

cState is an open source Hugo theme that turns a folder of Markdown files into a static incident and uptime status page. There is no JavaScript framework, no backend service, no database. Each incident is a Markdown file, and the result is a set of HTML pages served by any static web server.

Data and cookies

cState itself does not set cookies, does not embed third party JavaScript and does not collect personal data. The only personal data potentially involved is the standard request log of the chosen web server, kept by the merchant under their own retention policy.

GDPR and ePrivacy implications

Because no information is stored on the device and no third party data flow is established, Article 5(3) ePrivacy is not triggered and consent is not required. GDPR still applies to the access log, which can be processed under legitimate interest for security and operations.

Get GDPR compliant in 10 minutes

Free plan available · No credit card required

Try FlowConsent free

Optional integrations

You can plug analytics, error tracking, push notifications, RSS or webhook delivery on top of cState. Each of these has its own legal basis, cookie footprint and DPA. Evaluate them separately and reflect their presence in the privacy notice.

Data transfers

There is no transfer originating from cState itself. The merchant chooses the hosting provider (S3, Cloudflare Pages, GitHub Pages, Netlify, EU dedicated server) and assesses any resulting transfer.

Practical compliance steps

Host the status page on an EU friendly provider, keep short retention for access logs, document the legitimate interest, do not add a third party tracker without consent, and refresh the privacy notice every time a new optional integration is enabled.

GDPR consent category

Analytics

Websites using cState must obtain user consent under GDPR regulations.

Legal basisArticle 6(1)(f) GDPR (legitimate interest) for displaying a public status page; processing is limited to the request log of the chosen web server. No consent is required because no cookies, fingerprinting or tracking are introduced by the theme itself.

Risk levellow

Applicable regulationsGDPR, ePrivacy Directive only if the merchant adds optional analytics, German TTDSG, French CNIL guidance on log retention

DPIA considerations

A DPIA is not required. cState by itself stores no personal data. A short legitimate interest analysis covering server access logs is sufficient. If you add analytics, error tracking or push notifications, evaluate them separately.

Sample consent text

Our status page is generated with cState, an open source static theme. No cookies, no JavaScript tracker and no third party analytics are loaded by default. The only personal data we may briefly hold is the access log of our own web server.

Technical details

Tracking methodStatic HTML pages generated by the Hugo theme, no JavaScript tracker, no cookies. Optional integrations (analytics, notifications) are added by the merchant outside of cstate.

Server locationSelf hosted by the merchant on any server (EU or other), since cstate is open source and runs as static files

Cookieless tracking availableYes

Third-party domains contacted

cstate.netlify.appgithub.com/cstate/cstate

Cookies placed

Name	Type	Duration	Purpose
No cookies set	http	N/A	cState is a static Hugo theme and does not set any cookie, localStorage or sessionStorage entry. Only the access logs of the chosen web server may briefly contain IP addresses for security and operational purposes.

cState collects user analytics data — you legally need a consent banner. Try FlowConsent free.

Get started free Scan your site

Frequently asked questions

Which cookies does cState set?

None. cState is a static Hugo theme and does not set cookies, localStorage or sessionStorage. The only personal data potentially involved is the access log of the merchant's web server.

Is user consent required?

No. With its default configuration cState does not store anything on the device and does not perform any third party data transfer, so Article 5(3) ePrivacy is not triggered.

What is the legal basis?

Article 6(1)(f) GDPR (legitimate interest) for displaying a public status page and processing standard server access logs. No consent is needed for the theme itself.

Does cState transfer data outside the EU?

cState itself transfers nothing. The merchant chooses the hosting provider, and any transfer depends on that choice (S3, Cloudflare Pages, GitHub Pages, Netlify, EU dedicated server).

Do I need a DPIA?

No. cState is a static asset with no profiling or large scale personal data processing. A short legitimate interest analysis on access logs is sufficient.

How do I implement cState compliantly?

Host the status page on an EU friendly provider, keep short retention for server access logs, document the legitimate interest in the ROPA, do not add a third party tracker without consent and refresh the privacy notice when integrating analytics or notifications.

What are the alternatives?

Other status page solutions include Statuspage by Atlassian, Better Stack Status (former Better Uptime), Instatus, Statusbrew, Cachet (open source), Gatus (open source), Uptime Kuma (open source) and Hund.

How do I update the cookie policy?

Document cState as a static theme, mention that it sets no cookies and uses no trackers, describe the access log retention of your web server, and refresh the policy whenever you add a third party tool (analytics, notifications, RSS) to the status page.

Get compliant — Try FlowConsent free

Free plan · 10-min setup