Cookie Policy

In short: Cookies are small text files stored in your browser. We also use similar technologies such as localStorage and session storage. This policy covers all of them. localStorage and session storage are just other small stores your browser keeps on your own device — like cookies, but they are not sent to other websites.

We use cookies and similar storage technologies to keep you signed in, remember your preferences, understand how the Services are used, and protect against fraud. Some are set by us directly; others are set by trusted third-party providers we embed to run the Services (such as Stripe and Cloudflare).

We group cookies and similar storage by what they are for. A cookie in any category may be set by ResoFlow directly or by a third-party provider we embed.

• Essential — required for the Services to function: keeping you signed in, processing payments, protecting against fraud and automated abuse, and remembering the preferences that make the dashboard work the way you left it (such as timeline zoom level, view filters, or which collapsible sections are open). You cannot opt out of these and the Services will not work without them. They include the storage used by our cookie-consent tool itself.
• Analytics — help us understand which pages and features are used so we can improve the platform. These are non-essential: we do not set them until you accept analytics cookies through the consent banner.

Our consent banner therefore offers two controls: essential cookies (always on, because the Services cannot run without them) and analytics cookies (off until you accept). For clarity, the list in the next section still breaks the always-on essential cookies into Essential andFunctional sub-groups by what each one does — but both are part of the single always-on essential category and neither can be switched off separately. (Your consent banner labels this always-on category “Necessary” — the same thing this policy calls “Essential”.)

We do not use advertising or cross-site tracking cookies. We do not run advertising campaigns, build advertising profiles, or sell your data.

Rather than list every internal storage key, we group what we use by what it is for. Names may change as we develop the platform and as third parties update their products.

Essential

These are required for the Services to work, so they cannot be switched off. We use them to:

• Keep you signed in — your dashboard, staff portal and customer “My Bookings” sessions (set by us and by Google Firebase Authentication; mostly stored in your browser's localStorage rather than as cookies).
• Process payments and prevent fraud — cookies set by Stripe on the pages that take a payment (the booking page and billing screens).
• Protect against bots and automated abuse — cookies and short-lived challenge tokens set by Cloudflare (including its Turnstile widget) and Firebase App Check.
• Remember your cookie choices — a first-party cookie named cc_cookie (set by our own self-hosted cookie-consent tool and kept for about 6 months) so we don’t ask again. Your choice is stored only in your browser and is not sent to any third party.

Functional

These remember small interface choices so the Services behave the way you left them — for example whether sidebars are collapsed, your light/dark appearance, your timeline, floor-plan and list view settings, the date and time window you were viewing, which sections you've expanded, in-app notices you've dismissed, and keeping you signed in to your customer “My Bookings” portal when you tick “Remember me on this device”.

These are all set by ResoFlow in your browser's localStorage or session storage. The exact names may change as we develop the platform; none are cookies, none are analytics, and none are shared with anyone.

Analytics

We also use two cookieless monitoring tools that require no consent because they store nothing on your device:

• Cloudflare Real User Monitoring (RUM) — a lightweight script that records page-load timing, browser type, and country-level location to measure performance. It sets no cookies, stores nothing on your device, and does not track you across sites.
• Sentry — error tracking and, on the signed-in dashboard and staff portal only, session replay. It sets no cookies. On signed-in screens, when an error occurs Sentry may also save a short replay of the moments around it to help us reproduce the fault. All text, form inputs and media are masked in the replay, so we do not see what you typed. Replay does not run on our public marketing, policy or booking pages. This is used only to diagnose faults, not for analytics or advertising.

Cookies set by third parties on their own domains

We embed third-party services — Stripe (payments, on the booking page and billing screens) and Cloudflare Turnstile (bot protection on the booking page, and app-wide as the attestation provider for Firebase App Check). As well as the entries listed above, these providers may set their own cookies on their own domains (for example js.stripe.com or challenges.cloudflare.com). Those cookies are controlled by the respective provider under its own cookie and privacy policy. See our Subprocessors page for links to each provider.

Tracking pixels in emails

Marketing emails sent through the platform contain a small, invisible image (a “tracking pixel”) and tagged links. These are not browser cookies, but they are a similar technology: when the email is opened or a link is clicked, they let the sender see that the email was opened and which links were clicked, so it can measure how the email performed. To avoid this, you can set your email program to stop loading remote images, or use the unsubscribe link in any marketing email to stop receiving them. This does not apply to essential service emails (such as booking confirmations or password resets), which we need to send you.

In short: Analytics cookies are not set until you accept them. You can change your choices at any time through the consent manager, or adjust your browser settings.

When you first visit our public site, our cookie-consent banner asks whether you accept analytics cookies. We do not place any analytics cookies (such as Google Analytics) until you accept — if you ignore the banner or decline, no analytics cookies are set. Essential and functional storage is still used, because the Services cannot work without it.

To change your mind later, click the Cookie Preferences link in our footer. Accepting starts analytics on your next page view; declining stops new analytics data immediately (a page refresh fully clears the analytics tool).

You can also manage cookies in your browser:

• Chrome: Settings → Privacy and security → Cookies and other site data.
• Firefox: Settings → Privacy & Security → Cookies and Site Data.
• Safari: Settings → Privacy → Manage Website Data.
• Edge: Settings → Cookies and site permissions → Cookies and site data.

Disabling essential cookies will prevent the Services from working correctly.

We will update this policy when we add, remove, or change cookies. The "Last updated" date at the top of this page reflects the most recent revision.

For questions about cookies, email [email protected]. For the full privacy picture see our Privacy Policy.