Cookie Policy
Status: DRAFT — Requires legal review before publication. Effective date: [DATE] Last updated: [DATE]
1. Introduction
This Cookie Policy explains how Parlacall ("we", "us", "our"), operated by [LEGAL_NAME], uses cookies and similar technologies (including browser local storage) when you visit our website at [WEBSITE_URL] (the "Website"). It explains what these technologies are and why we use them, as well as your rights to control their use.
2. What Are Cookies and Similar Technologies?
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work, improve efficiency, and provide reporting information.
Local Storage (also called Web Storage) is a technology that allows websites to store data in your browser. Unlike cookies, local storage data is not sent to the server with every request. It serves a similar purpose to cookies and is subject to the same consent requirements under EU law.
Cookies and local storage set by the website owner (in this case, Parlacall) are called "first-party" technologies. Those set by parties other than the website owner are called "third-party" technologies.
3. Technologies We Use
3.1 Strictly Necessary (No Consent Required)
These are essential for the Website to function. Without them, the Website cannot operate correctly. You cannot opt out of these technologies as they are required to provide the service you have requested.
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| better-auth.session_token | Parlacall | Authenticates your session after login. Ensures you stay signed in as you navigate the site. | 7 days | HTTP Cookie |
| better-auth.csrf_token | Parlacall | Protects against cross-site request forgery attacks. Ensures form submissions originate from our site. | Session | HTTP Cookie |
| cf_clearance | Cloudflare | Issued after completing a Cloudflare Turnstile CAPTCHA challenge. Prevents repeated challenges. | Session | HTTP Cookie |
| cookie_consent | Parlacall | Stores your cookie consent preference so we do not ask again. | 1 year | Local Storage |
3.2 Analytics (Consent Required)
These technologies help us understand how visitors interact with our Website by collecting and reporting information. All analytics data is pseudonymized — we never send your email address, phone number, or other direct personal identifiers to analytics services. Under GDPR, pseudonymized data remains personal data (Recital 26).
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| PostHog identifiers | PostHog, Inc. | Product analytics and session recording: tracks pseudonymized usage patterns (page views, feature usage, button clicks) and records browsing sessions (page content, mouse movements, clicks, scrolls) to help us improve the service. Sensitive fields (passwords, payment details) are masked. Uses a stable internal account identifier (not your email or name) that can be linked to your account using additional information we hold. | Persistent until cleared | Local Storage |
PostHog privacy details:
- PostHog is hosted in the United States.
- PostHog session recording is enabled to help us understand how users interact with the Service and identify usability issues. Session recordings capture page content, mouse movements, clicks, and scrolls — but NOT passwords or payment details (sensitive fields are masked). Session recording is activated only after you provide consent.
- We do NOT send your email address, phone number, or payment information to PostHog.
- Only a pseudonymized account identifier and event metadata (page visited, feature used, country code) are transmitted.
- PostHog's privacy policy: https://posthog.com/privacy
3.3 Error Tracking (Strictly Necessary)
Basic error tracking is essential for maintaining a functional service and does not use cookies or local storage for user identification.
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| Sentry error tracking | Functional Software, Inc. | Captures JavaScript errors, stack traces, and performance issues to help us fix bugs. | Per Sentry retention (~90 days) | Runtime (no client storage) |
3.4 Session Replay on Errors (Consent Required)
Session replay captures a recording of browser activity when a JavaScript error occurs, to help us reproduce and fix bugs. Because it uses browser local storage, it requires your consent under Art. 399 PKE.
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| Sentry session replay | Functional Software, Inc. | When a JavaScript error occurs, captures a replay of the session leading up to the error (DOM snapshots, clicks, navigation). Used solely to reproduce and fix bugs. NOT captured during normal, error-free usage. | Per Sentry retention (~90 days) | Local Storage |
Sentry privacy details:
- Session replay is triggered ONLY when a JavaScript error occurs — not during normal usage.
- Replay data includes DOM state, mouse movements, and clicks — but NOT passwords or payment details (sensitive fields are masked).
- No session replays are recorded during normal, error-free browsing (session sample rate is 0%).
- Session replay is activated only after you provide consent via our consent mechanism.
- Sentry's privacy policy: https://sentry.io/privacy/
4. How to Manage Your Preferences
4.1 Our Consent Mechanism
When you first visit our Website, you will see a small consent notice asking whether you accept analytics technologies. You can:
- Accept — Analytics technologies will be activated.
- Decline — Analytics technologies will NOT be activated. Only strictly necessary technologies will be used.
Your choice is stored locally and we will not ask again unless you clear your browser data.
4.2 Changing Your Preference
To change your cookie preference after your initial choice:
- Clear your browser's local storage for our website, OR
- Delete the
cookie_consententry from your browser's local storage using developer tools (Application tab > Local Storage > [WEBSITE_URL]).
After clearing, the consent notice will appear again on your next visit.
4.3 Browser-Level Controls
Most web browsers allow you to control cookies and local storage through their settings. Note that disabling strictly necessary cookies may prevent parts of the Website from functioning correctly.
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions
4.4 Do Not Track
Some browsers include a "Do Not Track" (DNT) feature. While there is no universal standard for DNT, if you decline analytics via our consent mechanism, we will not load analytics technologies regardless of your DNT setting.
5. Legal Basis
- Strictly necessary technologies: Exempt from consent under Art. 399 of the Prawo komunikacji elektronicznej (Dz.U. 2024 poz. 1221), transposing Article 5(3) of the ePrivacy Directive (2002/58/EC), because they are strictly necessary for the provision of the service you have requested.
- Analytics technologies: Require your prior consent under Art. 399 PKE. We obtain affirmative consent (consistent with the CJEU Planet49 ruling, C-673/17) via our on-site consent mechanism before activating any analytics technologies. Pre-ticked boxes or implied consent via browser settings alone do not constitute valid consent.
- Error tracking (Sentry core): Runtime error capture (error messages, stack traces) does not use cookies or local storage for identification. Processing is based on our legitimate interest in maintaining service quality (GDPR Article 6(1)(f)). Exempt from Art. 399 PKE consent as it does not access terminal storage.
- Session replay on errors (Sentry replay): Uses local storage for replay buffering. Requires your consent under Art. 399 PKE before activation, because it accesses terminal storage beyond what is strictly necessary. Activated only after consent and only when errors occur.
6. Third-Party Technologies
We do not use any third-party advertising, remarketing, or social media tracking technologies. We do not sell or share your data with advertisers.
7. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. The "Last updated" date at the top of this page indicates when this policy was last revised. We encourage you to review this page periodically.
8. Contact Us
If you have questions about our use of cookies and similar technologies, please contact us:
Email: [CONTACT_EMAIL] [LEGAL_NAME] [STREET_ADDRESS] [POSTAL_CODE] [CITY], Poland
DISCLAIMER: This document is a template for informational purposes. Consult with a qualified attorney for legal advice specific to your situation.