← Back to Home

Cookie Policy

Last updated: April 25, 2026

This page explains what cookies Driora uses and why. Short answer: only one essential cookie, no tracking, no analytics cookies.

The honest summary: We use a single essential cookie (a Flask session cookie for CSRF protection and session state). We use PostHog for product analytics, configured to NOT set browser cookies (it uses an anonymous localStorage identifier instead , see Section 2). We do not use Google Analytics, Meta Pixel, Hotjar, advertising networks, or any cross-site tracking. If anything ever changes, we will update this page and show a consent banner before activating it.

1. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They are used to make websites work correctly and to remember information between page loads. Cookies set by the site you are visiting are called first-party cookies. Cookies set by other companies are called third-party cookies.

2. Cookies We Use

Essential Strictly Necessary Cookies

These cookies are required for the Service to function. They cannot be disabled without breaking the application. Under the EU ePrivacy Directive and the UK PECR, strictly necessary cookies are exempt from consent requirements.

Cookie Provider Purpose Duration
session Driora (first-party) Flask session cookie. Maintains your session state including CSRF protection. Contains a cryptographically signed session identifier. Does not contain personal data in plaintext. Session (cleared on browser close)

Not Used Analytics Cookies

We do not use analytics cookies. We do not use Google Analytics, Plausible, Mixpanel, Hotjar or any service that sets tracking cookies on your browser.

What we do use: PostHog for product analytics, configured to NOT set browser cookies. PostHog stores an anonymous identifier in your browser's localStorage (not a cookie) so we can understand which features users find and which paths they get stuck on. We do not link this identifier to your email address unless you explicitly opt in. You can clear it any time via your browser's "clear site data" option.

If we introduce additional analytics in the future, we will:

  • Update this Cookie Policy before deploying any new analytics tooling.
  • Show a consent banner to EU and UK users before activating non-essential cookies.
  • Only set analytics cookies after obtaining your affirmative consent where required by law.
  • Choose privacy-respecting tools that do not share data with advertising networks.

Not Used Advertising and Tracking Cookies

We do not use any advertising or tracking cookies. No Meta Pixel, no Google Ads remarketing, no cross-site tracking of any kind. We do not work with ad networks or data brokers.

3. Similar Technologies

Beyond the session cookie, we use the following browser storage technologies:

  • Redis (server-side): We use Upstash Redis to store session state and rate-limit counters on the server. This is not a browser cookie but a server-side cache. No personal data is stored in Redis beyond session tokens and IP-derived rate-limit keys. All Redis data expires automatically.
  • Browser local storage or session storage: We may use these for temporary UI state (for example, remembering a form step). No personal data is written to local or session storage.

4. How to Manage Cookies

Because we use only one strictly necessary cookie, disabling cookies in your browser will prevent the Service from functioning correctly (you will not be able to complete the report form). If you are comfortable with that trade-off, you can manage cookies through your browser settings:

  • Google Chrome: Settings > Privacy and Security > Cookies and other site data
  • Mozilla Firefox: Settings > Privacy and Security > Cookies and Site Data
  • Apple Safari: Preferences > Privacy > Manage Website Data
  • Microsoft Edge: Settings > Cookies and Site Permissions > Cookies and site data

Do Not Track

Some browsers send a "Do Not Track" (DNT) signal. Because we do not use tracking or advertising cookies, the Service behaves the same regardless of the DNT signal. We do not track users across third-party websites.

Under the EU ePrivacy Directive (as implemented in EU member states) and the UK Privacy and Electronic Communications Regulations (PECR):

  • The Flask session cookie is placed under the "strictly necessary" exemption. It is required to deliver the service you have requested and does not require your consent.
  • We currently have no non-essential cookies. If we introduce any in the future, we will obtain your prior, freely given and informed consent before placing them.

6. Changes to This Cookie Policy

We will update this policy before making any changes to our cookie usage, particularly before adding any non-essential cookies. When we make changes, we will update the "Last updated" date at the top of this page and notify waitlist members by email. We encourage you to review this page periodically.

7. Contact

Questions about cookies or this policy? Email us at:

Driora / Ergyn Pelinku
Email: [email protected]

For broader privacy questions, see our Privacy Policy.