Cookie Policy — Delivery Zone
Version: 1.1 Last updated: 2026-05-17 Effective date: 2026-05-13
1. What Are Cookies
Cookies are small text files stored in your browser by websites you visit. They are widely used to make websites work correctly or to remember your preferences between visits.
2. How We Use Cookies
We use a minimal set of cookies that are strictly necessary for the service to function. We do not use cookies for tracking, advertising, analytics, or any purpose other than authenticating you as a logged-in user.
3. Cookies We Use
| Cookie Name | Purpose | Type | Duration |
|---|---|---|---|
dz_access | Short-lived access token for the current session. Identifies your logged-in session. | Strictly necessary | 1 hour |
dz_refresh | Refresh token used for silent re-authentication without requiring you to log in again. | Strictly necessary | 30 days |
Attributes applied to both cookies:
- HttpOnly — the cookie cannot be read by JavaScript running in the browser, reducing XSS risk.
- Secure — the cookie is only sent over HTTPS connections (not set on localhost in development).
- SameSite=None — required for cross-site requests between the public site and the API domain in production;
SameSite=Laxis used on localhost. - Path —
dz_accessis scoped to/(all paths);dz_refreshis scoped to/api/authonly, limiting its transmission to authentication endpoints.
These cookies are set by our backend API domain and are used exclusively for session management.
4. What We Do Not Use
We do not use any of the following:
- Third-party tracking or advertising cookies
- Analytics cookies (e.g., Google Analytics, Matomo, Plausible)
- Marketing or retargeting cookies
- Social media cookies (e.g., Facebook Pixel, LinkedIn Insight)
- A/B testing cookies
- Preference or personalisation cookies beyond session state
Because we use only strictly necessary cookies, EU cookie law (the ePrivacy Directive, as implemented in Finnish law) does not require us to display a cookie consent banner for these cookies. We explain our use here in the interest of transparency.
If we introduce analytics, advertising, social media, A/B testing, or other non-essential cookies or similar technologies in the future, we will update this policy and request consent where required before using them.
5. Local Storage
In addition to cookies, the dashboard application uses browser localStorage to store small pieces of non-sensitive preference data. Because localStorage also stores information on your device, we describe it here for transparency even though it is not a cookie.
| Key | Purpose |
|---|---|
dz:selected-org-id | Your currently selected organisation ID, so you do not need to reselect it on each visit. |
dz-theme | Your UI theme preference (light or dark mode). |
No personal data, authentication tokens, or payment credentials are stored in localStorage. You can clear localStorage via your browser's developer tools or settings without affecting your account.
6. How to Control Cookies
You can configure your browser to block or delete cookies at any time. Note that blocking the dz_access or dz_refresh cookies will prevent you from logging in to the service dashboard.
See your browser's help pages for current instructions on blocking or deleting cookies.
7. Further Information
For more information about how we use your personal data, including legal bases and your rights, see our Privacy Policy.
For questions about cookies, contact: [email protected]