Install it now — it's free to install and use
Droplio.io
Join free
Back to home page
Legal document

Cookie Policy

Information about cookies and tracking technologies used on the Droplio.io platform.

Last updated: 22 March 2026

§1. What are cookies?

  1. Cookies are small text files saved on the User's device (computer, smartphone, tablet) by the web browser when visiting a website.
  2. Cookies may be session-based (deleted when the browser is closed) or persistent (stored for a specific period or until manually deleted).
  3. In addition to cookies, the Platform may use similar technologies such as local storage, session storage, tracking pixels, and web beacons.

§2. Cookie controller

  1. The controller of first-party cookies is Windify Digital Services, with its registered office at ul. Płocka 127/16, 87-800 Włocławek, NIP: 8943145650, REGON: 384382857.
  2. The Platform may also use third-party cookies installed by external service providers listed in this Policy.

§3. Cookie categories

The following categories of cookies are used on the Platform:

Always active

Necessary

Required for the Platform to function correctly. Their use does not require the User's consent pursuant to Art. 173(3) of the Telecommunications Law (they are necessary for providing the service requested by the User). They include:

  • Sessions and authentication — NextAuth session tokens, CSRF tokens. Enable login, session maintenance, and form protection.
  • Cloudflare Turnstile — anti-spam and anti-bot cookies on registration, login, and contact forms. Provider: Cloudflare, Inc.
  • Cookie preferences — storing the User's choice regarding acceptance/rejection of cookies (local storage).
  • Stripe (payments) — cookies necessary for processing payments and fraud prevention. Set by Stripe, Inc. during the credit purchase process. Provider: Stripe, Inc. (PCI DSS Level 1 certified).
  • Theme preferences — storing the light/dark theme setting (local storage).

These cookies cannot be disabled — they are essential for the Platform to function.

Optional

Analytics

Used to collect anonymous statistical data about how the Platform is used. Installed only after the User gives consent. They allow us to improve content and functionality.

  • Google Tag Manager (GTM) — tag management system that loads analytics and marketing scripts. GTM itself does not set cookies — this is done by the scripts it loads (e.g. GA4). Provider: Google LLC.
  • Google Analytics 4 (GA4) — traffic analysis: visit counts, traffic sources, user behaviour, time on page, bounce rate. Anonymised data (IP anonymisation). Provider: Google LLC. Retention: up to 14 months.
  • PostHog — analytics platform for collecting anonymous statistical data on Platform usage (visited subpages, interactions with interface elements, feature-usage events). Provider: PostHog, Inc. (data processed on EU servers — eu.i.posthog.com). Cookies / local storage: ph_*, distinct_id. Retention: up to 12 months.
Optional

Marketing

Used for conversion tracking and displaying personalised ads on external networks. Installed only after the User gives consent. They enable remarketing — reaching Users who have visited the Platform.

  • Meta Pixel (Facebook Pixel) — Meta Platforms, Inc. tracking pixel. Used for tracking conversions from Facebook and Instagram ads, creating Custom Audiences, and remarketing. Cookies: _fbp, _fbc, fr. Retention: up to 90 days.

§4. Detailed cookie list

NameProviderPurposeDurationType
authjs.*Droplio.ioSession, CSRFSessionNecessary
cf_turnstile_*CloudflareAnti-bot protection (Turnstile)30 minNecessary
__stripe_mid, __stripe_sidStripePayments, fraud prevention1 year / sessionNecessary
themeDroplio.ioUI theme (local storage)PersistentNecessary
_ga, _ga_*GoogleTraffic analysis14 mo.Analytics
_gidGoogleAnalytics session ID24 hr.Analytics
ph_*PostHogProduct analytics12 mo.Analytics
_fbpMetaConversion tracking90 daysMarketing
_fbcMetaFacebook Click ID90 daysMarketing
frMetaRemarketing, ads90 daysMarketing
distinct_idPostHogAnalytics identifier12 mo.Analytics
droplio-cookie-consentDroplio.ioCookie consent record (local storage)PersistentNecessary

§5. Legal basis

  1. The rules for storing and accessing cookies on the User's device are governed by Article 5(3) of the ePrivacy Directive (2002/58/EC), as implemented in Poland by Art. 173 and 174 of the Telecommunications Law of 16 July 2004 (Journal of Laws of 2024, item 34 as amended), and in the United Kingdom by the Privacy and Electronic Communications Regulations 2003 (PECR).
  2. Necessary cookies — exempt from the consent requirement under Article 5(3) of the ePrivacy Directive (necessary for providing the service requested by the User), as implemented by Art. 173(3) of the Polish Telecommunications Law and Regulation 6(2) of the UK PECR 2003. The legal basis for processing associated personal data is Art. 6(1)(f) GDPR (legitimate interest of the controller — ensuring Platform functionality). They do not require the User's consent.
  3. Analytics and marketing cookies — processed solely on the basis of the User's prior, voluntary, specific, informed, and unambiguous consent (Art. 173(2) of the Telecommunications Law and Art. 6(1)(a) GDPR), given via the cookie banner displayed on the User's first visit to the Platform. These cookies are not installed before consent is given.
  4. The User may withdraw or change their consent at any time by deleting cookies from the browser, using the browser's privacy settings, or deleting the Platform's local storage data. Withdrawal of consent does not affect the lawfulness of processing carried out on the basis of consent before its withdrawal.

§6. Transfer of data outside the EEA

Some third-party entities process data outside the European Economic Area (EEA). This applies in particular to Google LLC, Meta Platforms, Inc., and Stripe, Inc. (USA). PostHog, Inc. processes data on servers in the European Union (eu.i.posthog.com).
  1. Data transfers to the USA take place on the basis of the EU-US Data Privacy Framework (European Commission Decision of 10 July 2023) or standard contractual clauses (SCCs).
  2. The Service Provider uses only providers that ensure an adequate level of protection of personal data in accordance with the requirements of the GDPR.
  3. For users in the United Kingdom, data transfers are carried out on the basis of the UK Extension to the EU-US Data Privacy Framework (in force since 12 October 2023), the UK International Data Transfer Agreement (UK IDTA), or the UK Addendum to EU Standard Contractual Clauses, as applicable.

§7. Managing cookies

  1. On the User's first visit to the Platform, a cookie banner is displayed, allowing the User to:
    • accept all cookies;
    • reject optional cookies (accept necessary cookies only);
    • customise preferences for individual categories (analytics, marketing).
  2. Before the User gives consent, no optional cookies are installed. Analytics and marketing scripts are activated only after consent is given for the relevant category.
  3. The User may change or withdraw their consent at any time by clicking the "Manage cookies" link available in the page footer and in the Platform's sidebar. This link reopens the cookie banner with the User's current preferences, allowing them to be changed.

  4. The User may also manage cookies at the browser level:

    • Chrome: Settings → Privacy and security → Cookies
    • Firefox: Settings → Privacy and security → Cookies
    • Safari: Preferences → Privacy → Manage website data
    • Edge: Settings → Privacy and services → Cookies
  5. Deleting cookies may result in the loss of some User settings and preferences, and may require giving cookie consent again.
  6. Blocking necessary cookies may prevent the Platform from functioning correctly.

§8. User rights

In connection with the processing of data via cookies, the User has the following rights under the GDPR:

  • Right of access — obtaining information about processed data (Art. 15 GDPR).
  • Right to rectification — correcting inaccurate data (Art. 16 GDPR).
  • Right to erasure — requesting deletion of data (Art. 17 GDPR).
  • Right to restriction — restriction of data processing (Art. 18 GDPR).
  • Right to data portability — receiving data in a structured format (Art. 20 GDPR).
  • Right to object — objecting to processing based on legitimate interest (Art. 21 GDPR).
  • Right to withdraw consent — at any time, without affecting the lawfulness of prior processing (Art. 7(3) GDPR). Withdrawing consent is as easy as giving it — simply delete cookies from the browser.
  • Right to lodge a complaint — to your local data protection supervisory authority. For users in Poland: the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warsaw. For users in the United Kingdom: the Information Commissioner's Office (ICO), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF (ico.org.uk). For users in other EU/EEA countries: your national data protection authority.

To exercise the above rights, please contact us at: office@droplio.io

§9. Changes to the Cookie Policy

  1. The Service Provider reserves the right to amend this Cookie Policy at any time, in particular in the event of changes in legislation, the addition of new tracking technologies, or changes in service providers.
  2. Changes take effect upon publication on the Platform. In the event of significant changes, the User may be asked to give cookie consent again.
  3. We recommend reviewing the content of this Policy regularly.

Windify Digital Services
ul. Płocka 127/16, 87-800 Włocławek
NIP: 8943145650 | REGON: 384382857
E-mail: office@droplio.io | Tel: 787-667-271