Cookie Policy

1. What are cookies

Cookies are small text files stored in your browser. Similar technologies include localStorage (browser-side storage) and device signals used for analytics. This policy covers all of them.

Some cookies are essential for the service to work. Others require your prior consent under EU and Spanish law (GDPR, LSSICE). For users in the United Kingdom, the UK GDPR applies equivalent consent requirements. For users in Canada, PIPEDA and applicable provincial privacy laws govern data handling. For users in Australia, the Privacy Act 1988 and Australian Privacy Principles apply. For users in the United States, applicable state privacy laws such as the CCPA may apply.

2. Categories we use

ESSENTIAL — always active. Required for the service to function. Cannot be disabled through Signoti. Legal basis: performance of contract (Article 6(1)(b) GDPR).

ANALYTICS — require your consent. We use Google Tag Manager, Google Analytics, Vercel Analytics, and Microsoft Clarity to count page views, understand traffic sources and feature usage, measure product events, and analyze behavior through heatmaps and session replay. These services are used only after consent. Legal basis: consent (Article 6(1)(a) GDPR). You may withdraw consent at any time.

3. Cookie inventory

__session | Clerk | Essential | Authenticates your session | Session duration

__client_uat | Clerk | Essential | Tracks client-side auth state | Up to 1 year

__stripe_mid | Stripe | Essential | Fraud prevention and payment processing | Up to 1 year

__stripe_sid | Stripe | Essential | Stripe session identifier | 30 minutes

Google Tag Manager | Google | Analytics loader (consent required) | Loads consented analytics tags configured in the GTM-KHJ54BZJ container | No cookie set by GTM itself

_ga, _ga_<container-id> | Google Analytics | Analytics (consent required) | Distinguishes users and persists session state for aggregated analytics | Up to 13 months

Vercel Analytics | Vercel | Analytics (consent required) | Privacy-first page view and product-event analytics using hashed device signals — no persistent cookie | Session / 24 h

Microsoft Clarity | Microsoft | Analytics (consent required) | Behavioral analytics, heatmaps, and session replay | Session / up to 13 months

signoti-dark | Signoti | Functional (localStorage) | Stores your light/dark mode preference locally in your browser | Permanent until cleared

signoti-cookie-consent | Signoti | Essential (localStorage) | Records your cookie consent choices | Up to 24 months

signoti-attribution | Signoti | Analytics attribution (localStorage) | Stores UTM campaign parameters and source page for signup and checkout attribution | Up to 90 days

4. Third-party providers

Clerk (authentication) — processes authentication cookies under its own privacy policy. Data may be transferred to the United States under Standard Contractual Clauses.

Stripe (payments) — processes payment cookies under its own privacy policy. Data may be transferred to the United States under Standard Contractual Clauses.

Google Tag Manager (tag management) — loads analytics tags configured for Signoti only after analytics consent. The no-script iframe variant is not loaded because it cannot respect browser-stored consent when JavaScript is disabled.

Google Analytics (analytics) — processes page views, events, approximate location, device/browser data, and traffic-source data under Google's privacy terms. We disable advertising storage, Google signals, and ad personalization in the site tag.

Microsoft Clarity (behavioral analytics) — processes session replay and interaction data under Microsoft's privacy statement. Data may be transferred to the United States under Standard Contractual Clauses.

Vercel (hosting and analytics) — hosts the application and provides privacy-first analytics. Data may be processed in the United States under Standard Contractual Clauses.

5. Managing your preferences

You can change your cookie preferences at any time by clicking 'Cookie preferences' in the footer of any page. Withdrawing consent for analytics is effective immediately — analytics data collection stops at that point and Signoti attempts to remove first-party analytics cookies from your browser.

Essential cookies cannot be disabled through Signoti. You can block or delete any cookies from your browser settings, but doing so may prevent login or payment features from working.

To withdraw consent or exercise your data rights, contact us at contacto@signoti.com. EU users may also lodge a complaint with the Spanish Data Protection Agency (AEPD) at www.aepd.es.

6. Regional privacy rights

Signoti does not sell or share your personal information with third parties for cross-context behavioral advertising. The cookies and analytics tools we use do not involve the sale of personal data.

California residents (CCPA): you have the right to know what personal information is collected, to delete it, to opt out of its sale (not applicable here), and not to be discriminated against for exercising these rights.

United Kingdom residents (UK GDPR): you have the same rights as EU residents — access, rectification, erasure, restriction, objection, and portability. You may also lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Canadian residents (PIPEDA): you have the right to access your personal information and to challenge its accuracy. Contact us at contacto@signoti.com.

Australian residents (Privacy Act 1988): you have the right to access and correct personal information held about you. You may also lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

To exercise any of these rights, contact contacto@signoti.com.

7. Changes to this policy

We may update this policy when we add or remove technologies. Material changes will be communicated through the service or by email. The 'last updated' date at the top reflects the most recent revision.