Legal
Cookies Policy
This Cookies Policy explains what cookies and similar technologies OLISE uses, what data they store, and how to control them. We keep cookies to the minimum necessary for the Service to work. OLISE does not use marketing, advertising, or cross-site tracking cookies.
1. What cookies are
Cookies are small text files placed on your device by your browser when you visit a website. They allow the site to remember information across pages — such as whether you are logged in, your preferred language, or whether to show a banner you already dismissed. We also use closely-related technologies (localStorage, sessionStorage) for the same purposes; this Policy covers them all collectively as “cookies”.
2. Cookie categories
- Strictly necessary. Required for core functionality (sign-in, CSRF protection, locale). Cannot be turned off without breaking the Service.
- Performance / analytics. Anonymized, aggregate metrics. We use Vercel Analytics (no cookies, server-side) and Sentry for error monitoring (no tracking cookies). Both honor Do Not Track and Global Privacy Control signals.
- Functional. Remember preferences such as theme and locale.
- Marketing. None. OLISE does not run any advertising, retargeting, or third-party tracking cookies on its websites.
3. Cookies we set
| Name | Category | Purpose | Duration | Flags |
|---|---|---|---|---|
sb-access-token | Strictly necessary | Supabase session — keeps you signed in | 1 hour | HttpOnly · Secure · SameSite=Lax |
sb-refresh-token | Strictly necessary | Refreshes the access token without re-login | 7 days | HttpOnly · Secure · SameSite=Lax |
voxia_current_business | Strictly necessary | Selected workspace (multi-tenant routing) | Session | HttpOnly · Secure · SameSite=Lax |
csrf | Strictly necessary | CSRF token for sensitive POST endpoints | Session | HttpOnly · Secure · SameSite=Strict |
NEXT_LOCALE | Functional | Remembers your language (es / en / pt) | 1 year | Secure · SameSite=Lax |
theme | Functional | Remembers light/dark preference | 1 year | Not HttpOnly · localStorage |
4. Third-party cookies
We do not load third-party cookies on marketing pages or the dashboard. The following exceptions exist and only fire on the specific surface noted:
- Stripe Checkout. Loaded only on the billing page when you initiate a checkout. Stripe sets its own cookies for fraud prevention and session continuity. See Stripe’s cookie policy.
- Calendly / Google / Microsoft. When you connect a third-party integration via OAuth, the provider may set cookies during the consent screen (hosted on the provider’s domain, not ours).
5. How to manage cookies
- All major browsers let you block or delete cookies in their settings. Be aware that blocking strictly-necessary cookies will sign you out and break the Service.
- We honor the Do Not Track header and the Global Privacy Control (GPC) signal as universal opt-out for non-essential analytics.
- We do not display a cookie consent banner on the marketing site because we use only strictly-necessary and functional cookies in the EU/UK; consent is not required for those categories under ePrivacy / Article 5(3) of Directive 2002/58/EC.
6. Changes
We will update this page when we add or remove cookies. Material changes will be announced 30 days in advance via email to admins.
7. Contact
Questions about cookies? privacy@olise.ai. See also our Privacy Policy.
Questions? legal@olise.ai