Legal

Cookie Policy

Last updated: 2026-05-13 Effective: 2026-05-13

Cookie Policy — Delivery Zone

Version: 1.0 Last updated: 2026-05-13 Effective date: 2026-05-13

1. What Are Cookies

Cookies are small text files stored in your browser by websites you visit. They are widely used to make websites work correctly or to remember your preferences between visits.

2. How We Use Cookies

We use a minimal set of cookies that are strictly necessary for the service to function. We do not use cookies for tracking, advertising, analytics, or any purpose other than authenticating you as a logged-in user.

3. Cookies We Use

| Cookie Name | Purpose | Type | Duration | |---|---|---|---| | dz_access | Short-lived access token for the current session. Identifies your logged-in session. Set as HttpOnly and Secure to reduce XSS exposure. | Strictly necessary | 1 hour | | dz_refresh | Refresh token used for silent re-authentication without requiring you to log in again. Set as HttpOnly and Secure; path-restricted to /api/auth. | Strictly necessary | Up to 30 days |

HttpOnly means these cookies cannot be read by JavaScript running in the browser. Secure means these cookies are only sent over HTTPS connections. SameSite is set to restrict cross-site transmission.

These cookies are set by our backend API domain and are used exclusively for session management.

4. What We Do Not Use

We do not use any of the following:

  • Third-party tracking or advertising cookies
  • Analytics cookies (e.g., Google Analytics, Matomo, Plausible)
  • Marketing or retargeting cookies
  • Social media cookies (e.g., Facebook Pixel, LinkedIn Insight)
  • A/B testing cookies
  • Preference or personalisation cookies beyond session state

Because we use only strictly necessary cookies, EU cookie law (the ePrivacy Directive, as implemented in Finnish law) does not require us to display a cookie consent banner for these cookies. We explain our use here in the interest of transparency.

5. Local Storage

In addition to cookies, the application uses browser localStorage to store:

  • Your currently selected organisation ID, so you do not need to reselect it on each visit.

No personal data, authentication tokens, or payment credentials are stored in localStorage. You can clear localStorage via your browser settings without affecting your account.

6. How to Control Cookies

You can configure your browser to block or delete cookies at any time. Note that blocking the dz_access or dz_refresh cookies will prevent you from logging in to the service dashboard.

Instructions for major browsers:

7. Further Information

For more information about how we use your personal data, including legal bases and your rights, see our Privacy Policy.

For questions about cookies, contact: [email protected]