CertiFlow: Cookies & analytics
Legal

Cookies, trackers, analytics.

CertiFlow is built on a Zero-Knowledge Encryption brand. We do not read our customers’ evidence and we do not track our visitors. This page lists exactly what runs in your browser when you load a CertiFlow page.

Last updated 2026-06-07

01 · What we use

Essential session cookies. That’s it.

| Cookie | Purpose | Duration |
| --- | --- | --- |
| sb-* (Supabase) | Authentication session. Keeps you logged in between pages. | Session / 1 hour |
| next-* (Next.js) | App state — routing, CSRF token, theme. | Session |

Both are strictly necessary under GDPR Article 5(3) and the ePrivacy Directive Article 5(3) — no consent banner required. If you block them, the application cannot keep you authenticated.

02 · What we don’t use

No trackers. No third-party advertising. No Google Analytics.

  • No Google Analytics. We do not load GA, GA4, Google Tag Manager, or any Google-owned tracker. Our pages contain no gtag or analytics.google.com requests.
  • No advertising pixels. No Meta pixel, no LinkedIn Insight tag, no Twitter/X pixel, no TikTok pixel, no retargeting beacons.
  • No cross-site identifiers. We do not write fingerprinting cookies, device IDs, or cross-site identifiers. We do not participate in any advertising-ID exchange.
  • No session replay. No FullStory, no Hotjar, no Mouseflow. We do not record your clicks, mouse movements, scrolls, or form inputs.

03 · The analytics we do use

Vercel Web Analytics in privacy mode.

We use Vercel Web Analytics to count page views and understand which pages people land on. It runs entirely on Vercel infrastructure (where the site is hosted), uses no cookies, and writes no identifier to your browser.

What we receive in aggregate:

  • The URL you visited and the referrer URL
  • Country of origin (not city, not IP)
  • Device type (mobile vs desktop, OS family)
  • Anonymous visit count per page

What we never receive:

  • Your IP address
  • Any persistent identifier that links visits together
  • Any input you type
  • Any data that could be used to fingerprint you

Vercel publishes their data handling at vercel.com/docs/analytics/privacy-policy. Our use is fully covered by their commitment.

04 · Local storage & session storage

We use a small amount of browser local storage for in-app preferences (sidebar collapsed state, last-selected framework filter). This data never leaves your device and is never transmitted to CertiFlow servers. You can clear it at any time through your browser’s site-data tools.

Questions or complaints?

Privacy and data-protection enquiries: trust@certiflow.com. You also have the right to lodge a complaint with the data protection authority in your jurisdiction.

See also: our Privacy notice, the Data Processing Agreement, and our Security page.