naffe.ai

Cookie Policy

EU + US

Last updated: March 2026

1. What Are Cookies

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and supply information to the site owners. Cookies can be "persistent" (remaining on your device until they expire or you delete them) or "session" cookies (deleted when you close your browser).

In addition to cookies, we may use similar technologies such as local storage, session storage, and pixel tags. References to "cookies" in this policy include all such technologies unless otherwise stated.

2. Cookies We Use

The following table describes the cookies set by naffe.ai and their purposes. We categorize cookies into three groups based on their function.

Cookie NameCategoryPurposeDuration
sb-*-auth-tokenStrictly NecessaryAuthentication session token. Identifies your logged-in session and authorizes API requests.Session / 7 days
sb-*-auth-token-code-verifierStrictly NecessaryPKCE code verifier for secure OAuth authentication flows.Session
mcp_oauth_stateStrictly NecessaryTemporary state token used during third-party OAuth connection flows (e.g., connecting Google Calendar). Prevents cross-site request forgery.10 minutes
cookie_consentStrictly NecessaryRecords your cookie consent preferences so we do not ask you repeatedly.12 months
themeFunctionalStores your display preference (light/dark mode) for a consistent visual experience.12 months
localeFunctionalRemembers your language preference for the platform interface.12 months
_vercel_*AnalyticsAggregated, anonymous performance analytics provided by our hosting infrastructure. Measures page load times and error rates to help us improve reliability.Session / 24 hours

3. Cookie Categories Explained

Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be switched off. They are set in response to actions you take, such as logging in, setting your privacy preferences, or connecting third-party services. Without these cookies, core features like authentication and secure API access would not work. These cookies do not store any personally identifiable information beyond what is needed for session management.

Legal basis: Legitimate interest and contractual necessity. No consent is required for strictly necessary cookies under the ePrivacy Directive (Art. 5(3)) or the GDPR (Art. 6(1)(b) and (f)).

Functional Cookies

Functional cookies enable enhanced features and personalization, such as remembering your preferred language or display theme. They may be set by us or by third-party providers whose services we have added to our pages. If you disable these cookies, some or all of these features may not work correctly, but the core platform will remain functional.

Legal basis: Consent (EU/EEA users) or legitimate interest (other jurisdictions).

Analytics Cookies

Analytics cookies help us understand how visitors interact with our platform by collecting aggregated, anonymized information. This data helps us identify performance issues, understand usage patterns, and improve the platform experience. We do not use analytics cookies to build individual user profiles or for advertising purposes.

Legal basis: Consent (EU/EEA users). Analytics cookies are only activated after you provide explicit consent through our cookie banner.

4. EU Cookie Consent

In accordance with the EU ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC) and the General Data Protection Regulation (GDPR), we obtain your explicit, informed consent before placing any non-essential cookies on your device if you are located in the EU or European Economic Area (EEA).

When you first visit naffe.ai, you will see a cookie consent banner that allows you to:

  • Accept all cookies - enables all cookie categories including functional and analytics.
  • Accept necessary only - limits cookies to those strictly required for the platform to function.
  • Manage preferences - choose which categories of non-essential cookies to allow.

You can change your cookie preferences at any time by clearing your browser cookies and revisiting the site, which will re-trigger the consent banner. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal.

Strictly necessary cookies do not require consent, as they are exempt under Article 5(3) of the ePrivacy Directive. These cookies are essential for the service you have explicitly requested.

5. US Tracking Disclosure

For users in the United States, we provide the following disclosures in compliance with the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and comparable state privacy laws.

  • No sale or sharing. We do not sell your personal information or share it for cross-context behavioral advertising purposes. No cookies on naffe.ai are used for targeted advertising.
  • No third-party ad tracking. We do not allow third-party advertising networks to place cookies on our platform.
  • Do Not Track. We honor Do Not Track (DNT) browser signals. When a DNT signal is detected, we disable all non-essential cookies and tracking technologies.
  • Global Privacy Control. We recognize and comply with Global Privacy Control (GPC) signals as a valid opt-out of the sale or sharing of personal information, as required by the CPRA.

For more information about your rights under US privacy laws, please see our Privacy Policy.

6. Third-Party Cookies

Some cookies on naffe.ai may be set by third-party service providers that we use to operate and improve the platform. These providers act as data processors under contractual obligations that restrict how they may use the data collected through these cookies.

Third-party cookies on our platform may include:

  • Hosting provider cookies - set by our cloud infrastructure provider for load balancing, performance monitoring, and abuse prevention.
  • Authentication provider cookies - set during the sign-in process by our identity and authentication service.
  • OAuth provider cookies - when you connect third-party services (e.g., Google Calendar, Gmail), those providers may set their own cookies during the authorization flow. These cookies are governed by the respective provider's cookie policy.
  • Payment processor cookies - set by our payment provider during checkout to prevent fraud and process transactions securely.

We do not control third-party cookies set during OAuth or payment flows. We encourage you to review the cookie policies of any third-party services you connect through naffe.ai.

7. Managing Cookies

You have the right to control which cookies are placed on your device. In addition to our cookie consent mechanism, you can manage cookies through your browser settings.

Most browsers allow you to:

  • View what cookies are currently stored and delete them individually or in bulk.
  • Block cookies from specific sites or all sites.
  • Block third-party cookies while allowing first-party cookies.
  • Set your browser to notify you when a cookie is being set, so you can decide whether to accept it.
  • Clear all cookies when you close the browser.

Instructions for managing cookies in common browsers:

  • Chrome: Settings > Privacy and Security > Cookies and other site data
  • Firefox: Settings > Privacy & Security > Cookies and Site Data
  • Safari: Preferences > Privacy > Manage Website Data
  • Edge: Settings > Cookies and Site Permissions > Cookies and site data

Please note that blocking strictly necessary cookies will prevent you from using naffe.ai, as authentication and core functionality depend on these cookies. Blocking functional or analytics cookies may reduce the quality of your experience but will not prevent you from using the platform.

8. Data Collected Through Cookies

The information collected through cookies may include:

  • A unique session identifier (anonymized, not linked to your name or email).
  • Your language and display preferences.
  • Aggregated page view and performance metrics (analytics cookies only).
  • Temporary OAuth state tokens during third-party connection flows.

We do not use cookies to collect financial information, health data, biometric data, or precise geolocation data. Cookie data is not combined with other personal data to create user profiles for marketing or advertising purposes.

9. Cookie Retention

Cookies are retained only for as long as necessary to fulfill their stated purpose:

  • Session cookies are deleted when you close your browser.
  • Authentication cookies expire after 7 days of inactivity, requiring you to sign in again.
  • Preference cookies persist for up to 12 months, after which they are refreshed or deleted.
  • OAuth state tokens expire after 10 minutes and are automatically deleted.

You can delete any cookie at any time through your browser settings, regardless of its configured expiration.

10. International Data Transfers

Cookie data may be processed in countries outside your jurisdiction. Where cookie data is transferred outside the EU/EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (EU 2021/914) or adequacy decisions. For more information about international transfers, please see our Privacy Policy and Data Processing Addendum.

11. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify you through a revised cookie consent banner.

We encourage you to review this policy periodically to stay informed about how we use cookies.

12. Related Policies

This Cookie Policy should be read alongside our other legal documents:

13. Contact

If you have questions about this Cookie Policy or our use of cookies, please contact us:

naffe.ai (yellow3 lab)

Denmark, EU

Email: privacy@naffe.ai

For EU/EEA residents, you have the right to lodge a complaint with your local data protection authority if you believe your rights have not been respected.