What cookies and storage are
Cookies are small text files stored on the user's device. Browser storage can also include local storage, session storage, IndexedDB, and authentication persistence.
Konfi Cloud uses necessary technologies to run authentication, keep the user session, remember language and security state, and protect the service. Optional measurement or diagnostics run only if they are active on the production site and allowed by the user's choice where consent is required.
Necessary technologies
- A sign-in cookie that keeps you logged in so you don't need to sign in again on every page (cleared automatically when you sign out; otherwise expires after up to 14 days, or 12 hours in the operator app).
- Sign-in helpers stored by your browser that keep you signed in across tabs and refreshes.
- A small security token that proves requests come from the real Konfi Cloud site, not from a bot or copycat.
- A language preference so the interface stays in your chosen language (English or Polish).
- A cookie-consent record so the cookie banner is not shown to you on every visit.
- Security cookies that protect sign-in, account, and payment screens from abuse.
- Checkout cookies set by Stripe when you start a paid plan; these are managed by Stripe as our payment provider.
Why necessary cookies do not require marketing consent
We use necessary cookies and similar storage because they are required to deliver the service you asked for and to keep it secure. Turning them off can break sign-in, checkout, onboarding, or workspace administration.
Optional analytics and observability
- Optional product analytics (Firebase Analytics by Google): only loaded after you accept the analytics category. We never use it for advertising — advertising signals stay disabled.
- Error and performance diagnostics (Sentry): only loaded after you accept the observability category. We do not enable session replay in production.
- Server-side hosting and infrastructure logs may record technical request data (timestamps, IP address, browser, status codes) to keep the service available and secure; these do not place cookies in your browser.
- You can change or withdraw your analytics or observability consent at any time through the Cookie settings link in the footer.
Managing choices
Users can remove or block cookies in browser settings. Blocking necessary cookies can make the application unavailable or less secure.
Where optional cookies or similar technologies require consent, users should be able to accept, reject, or later change that choice through the consent tool used on the production site.
External providers
- Google LLC (Firebase Authentication, Firestore, App Check, and Firebase Analytics).
- Google LLC sign-in when the user chooses to sign in with Google.
- Konfi Cloud as seller and service provider; Stripe as payment processor for paid billing and checkout.
- Resend, Inc. for transactional email and inbound email handling.
- Vercel Inc. for hosting, edge delivery, and domain operations.
- Functional Software, Inc. (Sentry) for client and server error tracking.
- The full and current subprocessor list is published on the Subprocessors page.
Retention
Session-based cookies usually clear themselves when you close the browser or sign out. The sign-in cookie can stay for up to 14 days on the main app and 12 hours on the operator app, or until you sign out.
Sign-in helpers stored by your browser stay until you sign out, clear your browser data, or delete the account.
Your cookie-consent record stays until you reset it from Cookie settings or clear browser data.