Last updated: June 2, 2026
Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences, keep you signed in and protect against cross site request forgery.
Quaterio uses a minimal set of cookies, all of which are strictly necessary for the Service to function. We do not use advertising, marketing or behavioral tracking cookies.
Separately from cookies, we run cookieless analytics and a sampled session recording feature through our self hosted Umami instance. Both run only after you grant Measurement consent through the banner shown on first visit. See Cookieless Analytics and Session Recording below for what is collected and how to change your choice.
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| sb-access-token | Authentication session token | 1 hour | First party |
| sb-refresh-token | Refreshes your session so you stay signed in | 7 days | First party |
| csrfSecret | Protects against cross site request forgery attacks | Session | First party |
| theme | Remembers your light/dark mode preference | 1 year | First party |
| lang | Remembers your language preference | 1 year | First party |
Some features involve third party services that may set their own cookies when you interact with them:
| Service | When | Purpose |
|---|---|---|
| Stripe | During checkout | Fraud prevention |
| Google reCAPTCHA | Contact form submission | Bot detection |
These cookies are only set when you actively interact with the relevant feature and are governed by the respective provider's privacy policy.
We use Umami, a self hosted analytics platform, to understand how visitors use our site. Umami is fully cookieless and does not store any persistent identifier on your device. Anonymized page views, language, screen size and Core Web Vitals are sent when you grant Measurement consent.
We also use Umami's session recording feature (built on rrweb) to identify usability issues. A sampled subset of visits (around 25%) is recorded when Measurement consent is granted. Recordings capture interactions such as clicks, scrolls and navigation. Form inputs, text inputs and password fields are masked by default. Recordings are retained for 30 days then automatically deleted.
Our legal basis is your consent under Article 6(1)(a) GDPR. You can change or withdraw consent at any time by opening the preference center from the consent banner. When you withdraw consent, the scripts are removed and no further data is collected from your device.
You can control cookies through your browser settings. Note that disabling essential cookies will prevent you from signing in to the Service, as they are required for authentication and security. Clearing cookies will sign you out.
We will update this policy if we introduce new cookies or change how we use existing ones. Material changes will be communicated via the Service.
Questions about our cookie usage? Contact us at our contact page or by email at hello@quaterio.com.
