1. About this policy
This Cookie Policy explains which cookies and browser-storage mechanisms Corpflow uses on our website (corpflow.ai) and our SaaS platform, and how to control them. It supplements our Privacy Policy and is published to meet our disclosure obligations under the EU ePrivacy Directive, the UK Privacy and Electronic Communications Regulations (PECR), and the California Consumer Privacy Act (CCPA/CPRA).
2. Quick summary
Corpflow uses only strictly necessary cookies and local-storage entries. We do not run third-party advertising cookies, tracking pixels, behavioral analytics (such as Google Analytics, Mixpanel, or similar), or session-replay tools on the platform. Because every cookie we set is essential to operating the service, no consent banner is required for the platform to function.
If we ever introduce non-essential cookies — for example, product analytics or marketing measurement — we will update this policy and add a consent mechanism with a clear opt-out before any such cookie is set.
3. What is a cookie?
A cookie is a small text file placed on your device by a website you visit. Cookies are widely used to make websites work, to make them work more efficiently, and to provide information to the site’s operators. We also use related browser-storage mechanisms (localStorage and sessionStorage) for the same purposes; for clarity, this policy treats them all together.
4. Cookies we set
The table below lists every cookie and browser-storage entry that Corpflow sets. All of them are first-party (set by Corpflow) and all of them are strictly necessary for the platform to operate.
| Mechanism | Purpose | Duration |
|---|---|---|
access_token (cookie) | Maintains your authenticated session. Transmitted securely over HTTPS in production. | 7 days |
refresh_token (cookie) | Used to refresh your session without re-authentication. HttpOnly — not accessible to JavaScript. | 7 days |
session_cookie (cookie) | Used for document-editor authentication. | Session |
access_token (localStorage) | Stores your session token locally for API requests. | Until logout |
user (localStorage) | Stores basic user profile data (name, role, organization) to personalize the interface. | Until logout |
5. Cookies we do not set
We do not use:
- Third-party advertising or retargeting cookies (e.g., Google Ads, LinkedIn Insight Tag, Meta Pixel)
- Behavioral or product-analytics cookies (e.g., Google Analytics, Mixpanel, Amplitude)
- Session-replay or heatmap tools (e.g., Hotjar, FullStory)
- Cross-site tracking technologies of any kind
6. Managing cookies
Because all cookies we set are strictly necessary, refusing them will prevent the platform from working — you will not be able to log in, stay signed in, or use the document editor. The marketing website itself does not require cookies to browse.
You can control cookies in your browser settings, including clearing existing cookies and blocking new ones. The exact steps vary by browser; see your browser’s help pages for Chrome, Firefox, Safari, or Edge.
7. International users
EEA & UK. Under the ePrivacy Directive and UK PECR, prior consent is required before non-essential cookies are set. We rely on the “strictly necessary” exemption because every cookie listed above is required to deliver the service you have asked for.
California. Under the CCPA/CPRA, you have the right to opt out of the sale or sharing of personal information. Corpflow does not sell or share personal information, and the cookies described in this policy do not enable cross-context behavioral advertising.
8. Changes to this policy
We may update this Cookie Policy from time to time. When we make material changes — for example, introducing a new cookie category — we will update the “Last updated” date above and, where required, ask for your consent before any new non-essential cookie is set.
9. Contact
Questions about this policy or the cookies we use? Email us at contact@corpflow.ai with “Cookie Policy” in the subject line.
This Cookie Policy was last updated on May 9, 2026.