Cookie notice
Ultron uses cookies and similar storage technologies on its websites and inside the application. This notice describes what we set, why we set it, who can set storage that runs on our domain, and how you control it. The notice is part of our compliance with the ePrivacy Directive as implemented in Romanian law and with the consent rules of the GDPR.
Overview
A cookie is a small piece of data that a website stores in your browser so it can recognise the same browser on later requests. Similar technologies include local storage, session storage, and indexed databases held by the browser. This notice uses the word cookie loosely to cover all of them.
Two questions decide how we treat any given cookie. First, is it strictly necessary to deliver a service you have asked for. Second, who set it. We are responsible for cookies set on our domains. We disclose cookies set by third parties whose code we load (for example, the payment provider on the checkout page), and we obtain consent before those run wherever the law requires it.
What we set
| Cookie | Category | Purpose | Lifetime |
|---|---|---|---|
| ultron_session | Strictly necessary | Keeps you logged in across page loads. Set after successful authentication. | Session, refreshed on activity |
| ultron_csrf | Strictly necessary | Protects against cross-site request forgery on form submissions. | Session |
| ultron_workspace | Strictly necessary | Remembers the workspace you are currently viewing. | 1 year |
| ultron_consent | Strictly necessary | Stores your cookie preferences so the banner does not appear repeatedly. | 12 months |
| ph_* | Analytics (consent required) | Product analytics events captured by PostHog (page views, feature usage, anonymised user id). | 12 months |
| stripe_* | Strictly necessary on checkout | Payment provider fraud prevention. Loaded only on pages where you can buy or update payment. | Variable, set by Stripe |
Categories
We group cookies into two categories.
- Strictly necessary. Required to deliver a service you have requested. We rely on the exception from consent in the ePrivacy Directive for these, but we still list them so you know what they do.
- Analytics. Help us understand how the product is used in aggregate. These never run without your consent. Disabling them does not affect product functionality.
We do not currently use cookies for advertising or for cross-site tracking. If that changes, we will update this notice and re-prompt for consent.
Third party storage
Some pages load resources from third parties that may set their own cookies on those pages. The most common cases are listed above (Stripe on checkout, PostHog when analytics consent has been granted). The third parties' own cookie notices apply to those cookies. We list third parties on the Subprocessors page.
Consent
On your first visit, we show a cookie banner that asks for your consent to non-essential cookies. The banner has equally prominent options to accept and to reject. Strictly necessary cookies run regardless of your choice. If you reject non-essential cookies, the banner closes and we do not load the analytics tag for that visit.
We do not treat continued use of the site as consent. The choice is recorded only when you click one of the buttons. Lack of a click leaves consent ungranted.
How to control
You can change your cookie preferences at any time from the cookie settings link in the footer, or by clearing cookies in your browser and revisiting the site so the banner reappears. Most browsers also let you block cookies entirely or warn you each time one is set; check your browser's privacy settings for instructions.
Changes
If we add a cookie that requires consent or change the purpose of an existing cookie in a way that affects you, we update this notice and re-prompt the cookie banner for affected users. Minor edits (renaming a cookie, fixing a lifetime) are made without a new prompt.