NDORFlow
Get started
Back to NDORFlow

NDORFlow Legal

Cookie Notice

Last updated 28 April 2026

This Cookie Notice explains how NDORFlow uses cookies and similar storage technologies on the marketing site (ndorflow.app) and on the SaaS application (app.ndorflow.app). It supplements our Privacy Policy.

1. What is a cookie?

Cookies are small text files placed on your device by your browser. They let a site recognise your browser across requests — for example, to keep you signed in, to remember a preference, or to count unique visitors. Similar technologies (local storage, session storage) work the same way. Throughout this notice, "cookies" refers to all of them.

2. Categories we use

2.1 Strictly necessary

These cookies are required for the Service to work. Disabling them will break authentication and basic navigation. They cannot be turned off through a banner because they are essential to providing a service you have asked for.

  • Supabase auth session token (signed-in state)
  • CSRF / anti-forgery token
  • Local-storage entries that persist your in-progress wizard state (so you don't lose work on refresh)

2.2 Functional

These remember non-essential preferences. They are first-party only.

  • Last-active workspace (Candidate / Admin)
  • UI preferences (e.g. dismissed banner state)

2.3 Analytics (consent-based, where required)

We use first-party PostHog analytics to understand how the Service is used and to debug failures. We capture page views and discrete product events (e.g. paid action attempted, paid action completed). Session recording is currently disabled. We do not use analytics cookies for advertising or cross-site tracking.

Where required by your local law (UK / EU), a consent banner is presented before any non-essential analytics cookies are set. You can change your consent at any time from Account > Privacy in the SaaS app.

2.4 Payments (Stripe)

Stripe sets cookies on its own checkout and Customer Portal pages to detect fraud and to operate the payment session. We do not control these cookies; see Stripe's cookie policy.

3. Marketing site only

The marketing site at ndorflow.app is a static site with minimal cookie use. Analytics on the marketing site are privacy-first and aggregated; no personal profiles are built. Changes to this layer will be reflected here on the "Last updated" date.

4. Your choices

  • Most browsers let you block or delete cookies in settings.
  • Blocking strictly-necessary cookies will break sign-in and may prevent core features from working.
  • Where a consent banner is shown, your choices are honoured for that domain and stored as a preference.

5. Changes to this notice

We may update this notice as the cookie set on either site changes. The "Last updated" date above reflects the current version.

6. Contact

Questions about cookies or your privacy choices? Email support@ndor.app.