Cookie Policy
1. What cookies are
Cookies are small text files placed on your device by a website. They are widely used to make websites work, remember preferences, and gather data about how the site is used. Local storage works similarly but lives in your browser's storage rather than as a cookie; we mention it here for completeness.
This Cookie Policy explains what cookies and local-storage items PromoTrace uses, why, and how you can control them. It complements our Privacy Policy.
2. Cookies we use
2.1 Strictly necessary (no consent required)
These cookies are essential to operate the Service securely. They cannot be switched off without breaking the Service.
| Name | Purpose | Lifetime |
|---|---|---|
PHPSESSID |
Keeps you signed in by linking your browser to a server-side session. Set when you log in; cleared when you log out or close your browser. | Session |
csrf_token |
Protects against cross-site request forgery on form submissions. A different value is issued per session. | Session |
2.2 Functional (set by Cloudflare in front of the Service)
Cloudflare provides DDoS protection and bot mitigation in front of PromoTrace. It sets small cookies to support those functions.
| Name | Purpose | Lifetime |
|---|---|---|
__cf_bm |
Cloudflare bot-management cookie that distinguishes humans from bots. Required to keep the Service available to legitimate visitors. | 30 minutes |
cf_clearance |
Set when Cloudflare's challenge has been solved (only seen by users on suspicious networks). Helps prevent re-challenging. | 30 days, where set |
More on Cloudflare's cookie usage: developers.cloudflare.com.
2.3 Functional (set by the Vistochat assistant on public pages)
Our public pages (login, password reset, the legal pages you're reading now, and the marketing site) include the Vistochat live-chat widget ("Olive"). When you interact with it, Vistochat sets cookies to remember your conversation.
| Name (typical) | Purpose | Lifetime |
|---|---|---|
vistochat_visitor_id |
Identifies a returning conversation, so the chat history is preserved across page loads. | 1 year |
vistochat_session |
Keeps the current chat connection state. | Session |
The Vistochat widget loads only on public pages — you won't see it while logged into the authenticated app. If you don't open the chat, no chat-specific cookies are set beyond the widget's own load-state cookie.
2.4 Local storage (not technically cookies)
We store two preferences in your browser's local storage rather than as cookies, because they don't need to travel back to our server with every request:
| Key | Purpose |
|---|---|
promotrace_theme |
Remembers whether you chose light or dark mode. |
promotrace_history (within the calculator only) |
Caches recent calculations for offline-style fast access while you're working in the calculator. Synchronised with your server-side history when you reconnect. |
2.5 What we don't use
For clarity:
- No analytics cookies — we do not run Google Analytics, Plausible, Fathom, Mixpanel, or any similar product-analytics tool at this time.
- No advertising cookies — we do not run any ad-tech pixels (Facebook, LinkedIn, Google Ads, etc.).
- No fingerprinting — we don't try to identify your device beyond what's strictly necessary for security.
- No cross-site tracking — cookies set by the Service don't follow you onto other sites.
3. How to manage cookies
You can control cookies in your browser settings — accept all, block
all, accept only first-party, or delete on close. Note that blocking the
strictly necessary cookies (PHPSESSID, csrf_token)
will prevent you from logging in or submitting forms.
Browser-specific instructions:
4. Changes to this policy
We may update this Cookie Policy when we change tooling (for example, if we add an analytics tool, we will list it here and require consent where applicable under UK PECR). The "Last updated" date at the top reflects the most recent version.
5. Contact
Questions about cookies, or about your rights more broadly, can go to [email protected]. We respond within a few working days.