Cookie Policy
Last updated: February 2025
1. What are cookies
Cookies are small text files that are placed on your computer, tablet, or mobile device when you visit a website or use an application. They are widely used to make websites and apps work more efficiently, to provide a better user experience, and to give the operator useful information about how the site or app is used.
Cookies can be "first-party" (set by the site you are visiting, e.g. Vaulto) or "third-party" (set by a different domain, such as an analytics or advertising provider). They can also be classified by how long they persist: "session" cookies are deleted when you close your browser, while "persistent" cookies remain for a set period or until you delete them. Cookies may store preferences, login state, and identifiers that help us and our partners operate and improve the Service.
This Cookie Policy explains what cookies and similar technologies we use, why we use them, and how you can manage your choices. It should be read together with our Privacy Policy, which describes our overall approach to personal data.
2. Similar technologies
In addition to cookies, we may use other technologies that serve similar functions or that work alongside cookies:
- Local storage and session storage: Browser storage mechanisms that allow us to store data on your device (e.g. preferences, cache) to improve performance and keep you signed in within a session.
- Pixel tags and web beacons: Small graphics embedded in emails or pages that can be used to understand whether content was opened or viewed and to collect limited technical data (e.g. IP, time).
- Scripts and SDKs: Code that runs in your browser or in our applications to deliver functionality and, in some cases, to enable analytics or security features.
Where these technologies collect or process personal data, we treat that data in accordance with our Privacy Policy and applicable law. In this policy, we use the term "cookies" broadly to include cookies and these similar technologies where the context applies.
3. Why we use cookies
We use cookies and similar technologies for the following purposes:
- Strictly necessary: To enable core functionality such as authentication, session management, security (e.g. CSRF protection), load balancing, and compliance with security or legal requirements. The Service cannot function properly without these; they do not require your consent under laws that distinguish between necessary and optional cookies.
- Functional: To remember your preferences (e.g. language, region, theme), to keep you signed in across sessions if you choose "Remember me", and to provide enhanced or personalized features within the Service.
- Analytics and performance: To understand how the Service is used (e.g. which pages are visited, how long users stay, and whether they encounter errors). We use this information in aggregated form to improve the product and fix issues. Where we use third-party analytics, we configure them to minimize the collection of personally identifiable information and to respect Do Not Track and similar signals where we support them.
- Security and fraud prevention: To help detect and prevent abuse, fraud, and unauthorized access (e.g. by analyzing patterns and verifying that requests come from legitimate users).
We do not use cookies for third-party advertising or to track you across unrelated websites for advertising purposes. We do not sell data collected via cookies to third parties.
4. Types of cookies we use and cookie table
The following table describes the main categories of cookies we use and gives examples. Cookie names and durations may change as we update our Service or providers; this table is intended to give you a clear picture of our practices. Specific cookies may vary by product region and plan.
| Category | Purpose | Duration | Type |
|---|---|---|---|
| Session / authentication | Keep you signed in and maintain session state | Session or up to 30 days | First-party, strictly necessary |
| Security (e.g. CSRF) | Protect against cross-site request forgery and validate requests | Session | First-party, strictly necessary |
| Preferences | Remember language, region, theme, and other settings | Up to 1 year | First-party, functional |
| Analytics (first-party) | Aggregate usage statistics to improve the product | Up to 2 years | First-party, analytics |
| Analytics (third-party) | Usage and performance analysis via our analytics provider | As per provider (e.g. 12–24 months) | Third-party, analytics |
| Load balancing / routing | Distribute traffic and maintain availability | Session or short-lived | First-party, strictly necessary |
Example cookie names we or our infrastructure may use include session identifiers (e.g. prefixed with "session" or "sid"), CSRF tokens, and preference keys (e.g. "theme", "locale"). We do not list every possible cookie name here because they can change with updates; the categories and purposes above reflect our ongoing approach. If you have a specific question about a cookie you see in your browser, you can contact us with the name and domain and we will clarify its purpose.
5. Third-party cookies and integrations
When you use the Service, third-party services we integrate with may set their own cookies or similar technologies. For example:
- Analytics providers: We may use analytics services to understand usage patterns. These providers may set cookies to distinguish unique users and sessions. Their use of data is governed by their own privacy policies; we choose providers that commit to processing data in line with our instructions and applicable law.
- Identity and authentication: If you sign in via a third-party identity provider (e.g. SSO, Google, Okta), that provider may set cookies on their domain in accordance with their policy. We do not control those cookies.
- Support and communication tools: If we embed chat, support, or feedback widgets, the vendors of those tools may set cookies when you interact with them.
We encourage you to review the privacy and cookie policies of these third parties. We do not control their cookies or data practices; we only allow their use where we believe it is consistent with our commitment to privacy and security.
6. Your choices and how to manage cookies
You have several options to control or limit how cookies are used:
- Browser settings: Most browsers let you block or delete cookies (and sometimes other storage) through their settings. You can usually find these under "Privacy", "Security", or "Cookies". Blocking all cookies may prevent you from signing in or using certain features of the Service, because some cookies are strictly necessary.
- Cookie preferences (where offered): If we provide a cookie preference center or consent banner on our website, you can use it to opt in or out of non-essential categories (e.g. analytics or functional cookies) where required by law. Essential cookies cannot typically be disabled if you wish to use the Service.
- Do Not Track and global opt-out: Some browsers send a "Do Not Track" (DNT) signal. We consider DNT and similar signals where our analytics or third-party tools support them, and we aim to limit tracking accordingly where feasible. We do not currently respond to DNT for essential and security-related cookies, as they are required for the Service to function.
If you disable or delete cookies, you may need to sign in again and re-enter preferences. Some features that rely on cookies may not work correctly. Disabling third-party cookies may not affect first-party cookies we set for the core operation of the Service.
7. Region-specific information
In the European Economic Area (EEA), United Kingdom, and other jurisdictions that require a legal basis for setting non-essential cookies, we rely on your consent for optional cookies (e.g. analytics and non-essential functional cookies) where we offer a choice. Strictly necessary cookies are used based on our legitimate interest in providing a secure and functional Service and, where applicable, to perform our contract with you.
In California and other U.S. states with similar laws, we treat information collected via cookies that identifies or relates to you as personal information where applicable, and we describe our practices in our Privacy Policy, including any rights you have to know, delete, or opt out of "sales" or "sharing" (we do not sell personal information as defined under the CCPA).
If you have questions about how cookies are used in your region or wish to exercise your rights, please contact us using the details in the Contact section below.
8. Updates to this Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in our practices, technology, legal requirements, or the Service. We will post the updated policy on this page and update the "Last updated" date. For material changes (e.g. new categories of cookies or new third-party providers), we may provide additional notice via the Service or by email where appropriate, and we may seek your consent where required by law. We encourage you to review this policy periodically.
9. Contact
For questions about our use of cookies or to exercise your preferences or rights regarding cookies and similar technologies, please contact us using the details on our website or in your account settings. For more information about how we handle personal data generally, see our Privacy Policy.