Cookie Policy
1. What we use
Diflo uses a small number of first-party cookies and equivalent browser storage (localStorage) to operate the Service. We do not use advertising cookies and we do not share cookie data with ad networks.
2. Categories
Essential (always on)
Required for the Service to function. Refusing them would make sign-in and basic navigation impossible. No consent is requested for these because they are strictly necessary.
| Name | Purpose | Lifetime |
|---|---|---|
next-auth.session-token | Signed JWT session for the dispatcher dashboard. | 7 days idle |
next-auth.csrf-token | CSRF protection on authentication endpoints. | Session |
locale | Stores the chosen UI language (en / hu). | 1 year |
diflo:cookie-consent | Records your consent choice for non-essential categories. | 12 months |
diflo:layout, diflo:pendingPlan | UI preferences and onboarding state - local browser only. | Until you clear browser storage |
Analytical (opt-in)
Used only after you enable them via the consent banner. Until then, the Service does not load these.
| Provider | Purpose | Lifetime |
|---|---|---|
| Sentry session-replay sampling | Reproducing UI errors. Replays mask form inputs and PII by default; off unless you accept Analytical. | 30 days |
3. Managing your choice
On your first visit you see a banner offering Accept all / Essential only. You can change your choice by clearing the diflo:cookie-consent cookie or browser storage entry.
4. Browser controls
All major browsers let you block or delete cookies in their settings. Blocking essential cookies will break sign-in. We do not use device fingerprinting to bypass cookie controls.
5. Changes
We will update this page when we add or remove cookie usage. Material changes are version-bumped at the top of this document.