Does your website use third-party services? Get GDPR compliant in minutes.
Try FlowConsentFree plan · 10-min setup
Aksara CMS provides a robust content management platform that enables organizations to create, organize, and distribute web content efficiently. Built with scalability and performance in mind, Aksara CMS supports multi-site management, role-based access control, and advanced publishing workflows. Whether running a corporate website or a complex digital portal, Aksara CMS delivers the flexibility and reliability needed to manage content at scale while maintaining optimal page load speeds and search engine.
Aksara CMS is an open source content management system built on the Laravel PHP framework. It is self hosted, which means the operator decides where the database and uploads live and which third party services are integrated. Because it ships without any built in analytics or advertising, the privacy footprint of a vanilla install is small and limited to strictly necessary functionality.
Out of the box Aksara CMS sets a Laravel session cookie and a CSRF token cookie, both first party and tied to authenticated areas of the site. Standard web server logs may record the IP address, user agent and request timestamp. Anonymous visitors who only consult published content do not generate additional personal data unless the operator enables extensions.
The strictly necessary cookies set by Aksara CMS qualify for the exemption in article 5(3) of the ePrivacy Directive: they are needed to deliver the service explicitly requested by the user. They can be deployed without consent, but must still be documented in the cookie policy. As soon as the operator adds third party analytics, embeds or chat widgets, those become subject to the standard consent rules.
Get GDPR compliant in 10 minutes
Free plan available · No credit card required
Strictly necessary cookies rest on article 6(1)(b) GDPR (performance of a contract) or article 6(1)(f) GDPR (legitimate interest in operating the site securely). Any optional cookie or pixel added on top of Aksara CMS, for example for analytics or remarketing, must rely on the visitor explicit consent under article 6(1)(a) GDPR and be loaded only after that consent.
Aksara CMS itself does not transfer data anywhere. The location of personal data depends on where the operator hosts the application and the database. EU operators usually pick an EEA hosting provider to avoid international transfer formalities, and document any third country involvement through Standard Contractual Clauses.
Choose an EU hosting provider, sign a data processing agreement with it, document the Aksara session and CSRF cookies in your cookie policy and put any analytics or marketing extension behind a CMP. Keep the framework patched, restrict admin access and review the integration of third party modules at least once a year.
Websites using Aksara CMS must obtain user consent under GDPR regulations.
DPIA considerations
A DPIA is generally not required for a vanilla Aksara CMS deployment. It becomes relevant when third party analytics, marketing or member features are added and when large volumes of personal data or special categories are processed through the CMS.
Sample consent text
Our website runs on Aksara CMS. Strictly necessary cookies keep your session secure. Optional analytics or marketing cookies are loaded only after you accept them in our cookie banner.
Third-party domains contacted
aksaracms.comgithub.com/aksaracmsCookies placed
| Name | Type | Duration | Purpose |
|---|---|---|---|
| aksara_session | first-party | 2 hours | Laravel session cookie used to identify the authenticated user and persist their state between requests. |
| XSRF-TOKEN | first-party | 2 hours | CSRF protection token verified on every state changing request to prevent cross site request forgery attacks. |
This service may collect user data. Ensure GDPR compliance with FlowConsent.
A standard Aksara CMS install sets a Laravel session cookie (typically named after the application key) and an XSRF token cookie used for CSRF protection. Both are first party, short lived and limited to authenticated areas of the site. No analytics or advertising cookie is set unless an extension is enabled.
No, not for the strictly necessary session and CSRF cookies, which are exempt under article 5(3) of the ePrivacy Directive. Consent is required as soon as the operator adds non essential cookies through plugins, embeds or third party services such as analytics, chats or social media widgets.
For the necessary cookies, the legal basis is article 6(1)(b) GDPR (performance of the contract with the user) or article 6(1)(f) GDPR (legitimate interest in operating the website securely). Optional cookies and third party integrations rely on consent under article 6(1)(a) GDPR.
Aksara CMS by itself does not transfer data anywhere. Transfers depend entirely on the hosting provider and on any third party services the operator integrates. EU operators usually pick an EEA host and document any third country access through Standard Contractual Clauses.
A DPIA is not mandatory for a vanilla Aksara CMS site that only manages public content. It becomes relevant when the platform processes large volumes of personal data, special categories such as health, or supports member areas, profiling and behavioural analytics modules.
Host on an EU server, sign a DPA with the host, keep the framework patched, restrict admin access and document the session and CSRF cookies in the cookie policy. Any analytics, marketing or embed must go through a CMP and be loaded only after explicit consent.
Comparable self hosted CMS solutions that ship with a small privacy footprint include Statamic, Kirby, Grav, Strapi and Directus. They share the same approach as Aksara: minimal default cookies and full operator control over which third party services are added.
List the Aksara session and XSRF cookies as strictly necessary, with their name, duration and purpose. Then enumerate every cookie added by extensions or third party services with their consent category. Provide a clear link to the CMP preference centre so users can change their choices at any time.