Cookie Policy
This policy describes the categories of cookies and similar technologies that may be used on Upflo, their purpose, their essential characteristics and the means available to users to manage them.
Current status
No non-essential advertising or audience-measurement cookies identified as active by default at the update date
Essential cookies
Authentication, user context, language, security and anti-bot
Contact
contact@upflo.fr
Reference framework
Applicable CNIL / ePrivacy framework
1. What is a cookie or tracker?
A cookie is a small text file stored on a user's device when visiting a website or online service. Other technologies may have similar effects, such as local storage, session identifiers, anti-bot scripts, pixels or technical tokens.
In this policy, the term cookies covers cookies and comparable trackers used to operate Upflo, secure the service or remember technical preferences.
2. Strictly necessary trackers used by Upflo
| Name or category | Purpose | Provider / domain | Indicative duration |
|---|---|---|---|
| Supabase session and authentication cookies (name varies by environment) | Keep the user signed in, refresh server-side authentication and secure account access | Upflo / authentication service | Session or limited duration depending on authentication settings |
| upflo_active_role | Remember the active role selected by the user in the interface | Upflo | Up to 180 days or deleted when reset |
| upflo_active_organization_id | Remember the active organisation selected by the user | Upflo | Up to 180 days or deleted when context is cleared |
| Framework language-preference cookie, when set | Remember display language or facilitate coherent language redirects | Upflo / i18n framework | Varies with technical configuration |
| Cloudflare Turnstile security / anti-bot tracker when enabled | Protect forms against automated abuse and verify the human origin of some actions | Cloudflare and, where applicable, related third-party domain | Varies depending on the provider and challenge context |
| Technical cookies set during redirects to third-party providers (payment, authentication) | Allow continuation of flows involving Stripe, Google, LinkedIn or other essential integrations | Relevant third-party provider | According to the third party policy |
Important
The exact names of some technical cookies may vary depending on deployment environment, project configuration and provider evolution.
3. Non-essential trackers
As of the update date of this policy, Upflo has not identified public-site advertising, retargeting or non-strictly-necessary audience-measurement cookies enabled by default without an appropriate consent mechanism.
If Upflo later adds non-essential trackers, an information and, where required by law, consent-collection mechanism will be implemented before those trackers are stored or read.
4. Third-party services and navigation outside the site
When a user relies on a third-party authentication provider or is redirected to a payment provider, cookies or trackers may be managed directly by that provider on its own domain. Such trackers are not always fully controlled by Upflo.
Users are invited to review the policies of the relevant providers as well, especially Stripe, Google, LinkedIn, Cloudflare or any other provider involved in the workflow they use.
5. How to manage cookies
- Configure the browser to block or delete certain cookies, subject to possible consequences on website functionality.
- Sign out when using a shared device.
- Avoid disabling strictly necessary cookies if the user wishes to keep access to authenticated features, context memorisation or payment and authentication flows.
- Contact Upflo at the privacy address if any question remains about a tracker or its use.
6. Cookie policy updates
This policy may change depending on technical changes, the addition or removal of third-party services, CNIL guidance or any other applicable regulatory development.
The last update date appears at the top of this document.