# Cookie Policy Every cookie we set, what it does, and how to control it from your browser or our consent banner. Last updated: April 9, 2026 This Cookie Policy explains how Sistava uses cookies, local storage, and similar tracking technologies on our websites and platform. It is part of our Privacy Policy and should be read alongside it. ## 1. What Are Cookies? Cookies are small text files that a website places on your device when you visit it. Local storage and session storage are similar mechanisms used by modern browsers. We use the term "cookies" in this policy to refer to all of these technologies for simplicity. ## Strictly Necessary Cookies These cookies are essential for the platform to function and cannot be turned off. They are set in response to actions you take, such as signing in, setting your privacy preferences, or filling in forms. You can configure your browser to block them, but parts of the platform will not work. - Authentication cookies: Sign-in session, JWT tokens, CSRF protection, multi-tenant routing. Set by Sistava. First-party. Session-based or up to 30 days. - Security cookies: Fraud prevention, rate limiting, bot detection. Set by Sistava and Cloudflare. Session-based or up to 30 days. - UI preferences: Theme (dark/light), language, sidebar state. Stored in local storage. Persistent until cleared. ## Analytics Cookies These cookies help us understand how visitors use the platform so we can improve it. They may collect information in an aggregated, anonymized form. You can opt out of analytics cookies through the consent banner or via the opt-out methods listed below. - PostHog: Product analytics, session replay, feature flags. Tracks page visits, clicks, errors, and user-flow events. Cookies and local storage. Up to 365 days. Opt out via the consent banner or by sending us an opt-out request. - Google Analytics (GA4): Aggregated website analytics (visits, sources, geography, device type). Cookies. Up to 26 months. Opt out via the consent banner, the Google Analytics opt-out browser add-on , or by sending us an opt-out request. - Datadog Real User Monitoring (RUM): Captures frontend performance (Core Web Vitals, page load times, JavaScript errors, API latency) and user interactions (clicks, navigation) to help us diagnose issues and improve the product. Cookies and local storage. Text input content is masked at the browser level before transmission. EU data residency (Frankfurt). Up to 30 days. ## Functional Cookies These cookies enable enhanced functionality and personalization. They may be set by us or by third-party providers whose features we have added to the platform. - Stripe: Set by Stripe when you initiate a payment, to detect fraud and process the transaction securely. Required for payment processing. See Stripe's cookie policy . ## Marketing & Advertising Cookies We do not use third-party advertising or behavioral retargeting cookies. We do not share personal data with advertisers. We do not run ad networks. We do not place pixels for ad platforms (Meta, Google Ads, LinkedIn Ads, TikTok Pixel, etc.). ## 3. Your Choices You can control cookies in several ways: - Cookie consent banner: When you first visit our website, you can accept or reject non-essential cookies via the banner. You can change your preferences at any time by clearing your browser cookies and revisiting the site, or by contacting us. - Browser settings: Most browsers let you block or delete cookies via their settings. Blocking strictly necessary cookies may break sign-in and other features. - Do Not Track: Some browsers offer a "Do Not Track" signal. Because there is no industry standard for honoring this signal, we currently do not respond to it differently from cookie consent. - Direct opt-out: Email contact@sista.ai to request opt-out from analytics cookies. ## 4. Changes to This Policy We may update this Cookie Policy from time to time as the cookies we use change. The most recent version is always the one published on this page. ## 5. Contact Questions about cookies or this policy? Email contact@sista.ai .