Nextcloud only stores cookies needed for Nextcloud to work properly. All cookies comes from your Nextcloud server directly, no 3rd-party cookies will be sent to your system. Regarding GDPR, only data which contain personal data are relevant.

Cookies stored by Nextcloud


Data Stored


Session cookie

  • session ID

  • secret token (used to decrypt the session on the server)

24 minutes

Same-site cookies

no user-related data are stored, all same-site cookies are the same for all users on all Nextcloud instances


Remember-me cookie

  • user id

  • original session id

  • remember token

15 days (can be configured)

The same-site cookies are used to determine how a request reaches the Nextcloud server. We use them to prevent CSRF attacks. No identifable information is stored in those. The rest of the cookies are strictly used to identify the user to the system.