1. What cookies are
Cookies are small text files stored on your device when you visit a website. We also use comparable technologies such as localStorage, sessionStorage, web beacons, and server-side identifiers ("similar technologies"). This policy covers both.
2. Categories we use
- Strictly necessary — session cookies, authentication tokens, CSRF protection, load balancing. Cannot be disabled.
- Preferences — language, theme, dashboard layout, dismissed banners. Stored locally where possible.
- Analytics — aggregated, IP-truncated usage and performance telemetry to improve the product.
- Marketing — limited attribution and conversion measurement, set only after consent.
3. First-party vs third-party
First-party cookies are set by cendigo.com. Third-party cookies and pixels are set by vetted processors when you opt in (for example, analytics and conversion measurement). The full list of vendors is maintained in the consent banner and the Trust Center.
4. Retention
- Session cookies: deleted when you close the browser
- Authentication: up to 30 days, sliding window
- Preferences: up to 12 months
- Analytics: up to 14 months (aggregated)
- Marketing: up to 13 months from last interaction (consent-dependent)
5. Managing your choices
Use the consent banner ("Cookie settings" in the footer) to change non-essential categories at any time. You can also clear or block cookies in your browser; doing so may break authentication, preference persistence, and parts of the dashboard.
6. Do Not Track and Global Privacy Control
We honor Global Privacy Control (GPC) signals from compliant browsers by treating them as a refusal of non-essential cookies. DNT headers are also respected where they unambiguously express the same intent.
7. Changes
Updates to this policy are recorded in the Trust Center change log. Material changes trigger a re-consent prompt.
8. Contact
Cookie questions: privacy@cendigo.com.