Nextcloud only stores cookies needed for Nextcloud to work properly. All cookies comes from your Nextcloud server directly, no 3rd-party cookies will be sent to your system. Regarding GDPR, only data which contain personal data are relevant.

Cookies stored by Nextcloud

Cookie Data Stored Lifetime
Session cookie
  • session ID
  • secret token (used to decrypt the session on the server)
24 minutes
Same-site cookies no user-related data are stored, all same-site cookies are the same for all users on all Nextcloud instances forever
Remember-me cookie
  • user id
  • original session id
  • remember token
15 days (can be configured)

The same-site cookies are used to determine how a request reaches the Nextcloud server. We use them to prevent CSRF attacks. No identifiable information is stored in those. The rest of the cookies are strictly used to identify the user to the system.