This Cookies Policy explains how Karbon Digital Group (“Karbon Digital,” “we,” “our,” or “us”) uses cookies and similar technologies when you visit our websites or use our services. By continuing to use the Karbon Digital Group Websites, you agree to the use of cookies as described below.
1. Purpose
This policy explains how Karbon Digital Group, including its subsidiaries and affiliates ("Karbon Digital," "we," "our," or "us"), utilizes cookies and similar tracking technologies across our digital properties. It establishes a transparent framework for how we collect, store, and manage user preferences, ensuring alignment with global privacy best practices and regulatory requirements.
2. Scope
This policy applies to all users who visit Karbon Digital websites, use our services, or interact with our online content. By continuing to use the Karbon Digital Group Websites, users agree to the use of cookies and related technologies as outlined in this document.
3.1 KD-POL-COOKIES-26.1: Cookie and Storage Descriptions
Cookies are small text files stored on a user's device (computer, smartphone, or tablet) by websites they visit. They are widely used to make websites function more efficiently and to support security and preferences. Karbon Digital utilizes cookies to maintain active sessions, protect against targeted attacks, and remember user preferences.
In addition to traditional cookies, we leverage local storage and session storage within the browser to support application functionality, such as caching data and preserving in-app state. Session storage is actively cleared when the browser or tab is closed. Local storage persists until it is manually cleared by the user or removed by our systems during a logout event. We explicitly do not use pixel tags (web beacons) or similar tracking technologies for advertising purposes on our websites.
3.2 KD-POL-COOKIES-26.2: Strictly Necessary Cookies
These cookies are essential for the proper functioning of our websites and cannot be disabled in our systems. They support authentication, security, and access to secure areas. Without these cookies, secure features and session maintenance would be non-functional.
Cookie Name: __session
Purpose: Stores your access token so you stay logged in. HTTP-only (not readable by JavaScript).
Set By: Karbon Digital
Duration: Session / token expiry (e.g., 1 hour)
Cookie Name: refresh_token
Purpose: Used to obtain a new access token when the current one expires. HTTP-only.
Set By: Karbon Digital
Duration: Up to 7 days
Cookie Name: csrf_token
Purpose: Used to prevent cross-site request forgery (CSRF). Read by the app so it can send the token in a request header; validated by servers.
Set By: Karbon Digital
Duration: Up to 7 days
Note: We may also clear a legacy access_token cookie on logout for backward compatibility.
3.3 KD-POL-COOKIES-26.3: Performance and Analytics Cookies
We utilize Firebase Analytics (Google) to understand how visitors interact with our websites, including page visits, navigation paths, and error occurrences. This aggregated data is used strictly to improve site performance. Firebase Analytics may set first-party cookies and/or use other identifiers in accordance with Google's privacy policies. We also store a localized analytics session identifier (analytics_session_id) to associate events with a single session for analytics implementation only.
3.4 KD-POL-COOKIES-26.4: Functionality Cookies / Local and Session Storage
We use local and session storage to optimize user experience and support application behavior, specifically for:
Authentication and session: Caching user profile information, authentication timestamps, and redirect paths post-login.
Workspace and profile cache: Storing workspace lists and profile data to reduce load times; this data is short-lived and cleared upon logout.
In-app flows: Managing session-only data like onboarding states, dashboard-to-chat context, and OAuth/PKCE states for the duration of sign-in flows.
Integrations: Maintaining temporary identifiers for cloud integrations.
None of this localized storage is used for advertising or cross-site tracking.
3.5 KD-POL-COOKIES-26.5: Targeting and Advertising Cookies
We do not currently use targeting or advertising cookies, nor do we build advertising profiles or track users across third-party websites. We do not place cookies for the purpose of delivering advertisements on our site or on third-party platforms.
3.6 KD-POL-COOKIES-26.6: Managing and Disabling Cookies and Storage
Users can manage or disable cookies directly through their browser settings. Disabling strictly necessary cookies will prevent users from staying logged in and utilizing secure features.
Users can clear local and session storage via browser developer tools or by clearing site data for our domain.
Logging out of our service automatically clears or invalidates the authentication-related data we store.
To opt out of Google Analytics (including Firebase), users can install the Google Analytics Opt-out Browser Add-on or utilize privacy-focused browser extensions.
3.7 KD-POL-COOKIES-26.7: Do Not Track (DNT) Signals
While some browsers transmit "Do Not Track" (DNT) signals, there is currently no universal standard for how sites must respond. Karbon Digital does not currently alter its system behavior based on DNT signals.
4. Roles and Responsibilities
Compliance Team / Legal Counsel: Owns and maintains this policy, ensuring alignment with global privacy regulations.
Infrastructure and Security Lead: Ensures that strictly necessary cookies and authentication tokens (e.g., HTTP-only implementations) meet internal security standards.
VP of Engineering: Implements cookie consent mechanisms, local storage rules, and analytics integrations in accordance with this policy.
5. Compliance
Non-compliance with the storage and tracking parameters outlined in this policy by Karbon Digital personnel may result in disciplinary action. Any introduction of new tracking technologies requires prior review and approval by the Compliance Team.
6. Review
This policy is reviewed at least annually and upon material changes to Karbon Digital’s tracking technologies, analytics providers, or applicable global privacy laws. Questions regarding this policy can be directed to the Compliance Team at legal@karbondigital.com.
