Cookie Policy
Version 1.0 — Last updated: 13 May 2026
⚠️ Closed-beta starter draft. Review with qualified legal counsel before accepting external paying customers.
What cookies we use
Totalinfo Ltd uses only strictly necessary cookies required to make the platform work. We do not use:
- Analytics cookies (Google Analytics, Mixpanel, etc.)
- Advertising cookies
- Social media tracking pixels
- Third-party marketing cookies
Under the UK Privacy and Electronic Communications Regulations (PECR), strictly necessary cookies do not require explicit consent.
Cookies set by the platform
| Name | Purpose | Duration | Type |
|---|---|---|---|
connect.sid |
Authentication session (Express session) | 24 hours | Session — strictly necessary |
csrf-token |
CSRF protection on form submissions | 24 hours | Session — strictly necessary |
Cookies set by Stripe (only during checkout)
When you access the /billing page or Stripe Checkout, Stripe sets its own cookies for fraud prevention and to maintain your checkout session. These are governed by Stripe's Privacy Policy and Stripe's Cookie Policy.
How to control cookies
You can clear cookies for this site from your browser's settings. Doing so will sign you out and clear any CSRF tokens — you can sign back in and the cookies will be set again.
If you block strictly necessary cookies, the platform will not work — there's no signed-in state without them.
Server-side tracking we DO use
While we don't use tracking cookies, we do log:
- Application audit events (login, lead approve/reject, settings changes) — stored in MongoDB for 2 years, viewable in
/admin/audit-logs. - Email open tracking — outbound emails contain a 1×1 tracking pixel. We record whether and when the email was opened. This is standard for B2B sales tools.
- Error monitoring (Sentry) — uncaught exceptions are sent to Sentry. Auth headers and cookies are scrubbed before transmission.
Changes to this policy
We will give 30 days' notice of material changes via in-app banner.