This Cookies Policy explains how CodexFlow uses cookies, local storage, pixels, SDKs, tags, and similar technologies on https://codexflow.io.
1. Operator
CodexFlow is operated by Nova Group Sp. z o.o., Żurawia 6/12 Lok. 745, 00-503 Warszawa, Poland. For cookie and privacy questions, contact privacy@codexflow.io. For general support, contact support@codexflow.io.
2. What cookies and similar technologies are
Cookies are small text files stored on your device. Similar technologies include local storage, session storage, pixels, tags, SDKs, and server-side identifiers. They can be used to keep the website working, remember consent choices, secure accounts and payments, measure website performance, understand product usage, and support advertising or conversion measurement.
3. Categories used by CodexFlow
CodexFlow may use the following categories:
- Essential cookies and storage: required for website operation, security, checkout, authentication, consent records, and protected digital delivery.
- Analytics cookies and storage: used to understand website usage, documentation visits, funnel performance, and product interest.
- Marketing cookies and storage: used for Google Ads conversion tracking, remarketing, ad measurement, and campaign attribution where consent allows.
- Authentication cookies and storage: used to keep accounts, sessions, and protected access pages working.
- Payment and security cookies: used by payment providers to process payments, prevent fraud, authenticate transactions, and secure checkout.
- Preference cookies: used to remember choices such as consent state, interface settings, or language where applicable.
4. Consent mechanism
CodexFlow may use Cookiebot CMP and Google Consent Mode v2 to request, record, and transmit consent choices. Non-essential analytics, advertising, remarketing, and similar storage are used only according to your consent choices where consent is required.
You can change or withdraw your cookie consent at any time by reopening the cookie settings widget available on the website. Browser settings may also allow you to delete or block cookies, but blocking essential cookies may break checkout, account access, protected downloads, payment authentication, or security features.
5. Google Consent Mode v2
Google Consent Mode v2 helps Google tags adjust behavior based on consent choices. It may use consent signals such as analytics_storage, ad_storage, ad_user_data, and ad_personalization. These signals are not ordinary content cookies themselves; they communicate whether Google services may use storage or personal data for analytics, advertising, and personalization according to your consent.
6. Cookie and storage table
| Provider | Cookie/local storage name or pattern | Category | Purpose | Typical retention | Consent required | Notes |
|---|---|---|---|---|---|---|
| Cookiebot CMP / Usercentrics | CookieConsent, CookieConsentBulkTicket, consent records | Essential / consent management | Stores consent choices and helps prove and respect cookie preferences | 12 months | No for consent record itself | Required to operate the consent mechanism |
| Google Consent Mode v2 | Consent state signals including analytics_storage, ad_storage, ad_user_data, ad_personalization | Consent signaling | Sends consent state to Google tags so they behave according to user choices | session to 12 months, depending configuration | No for basic consent signaling; yes for downstream analytics or ads storage where required | Works with Google Ads, GA4, and Google Tag Manager |
| Google Analytics 4 | _ga, _ga_* | Analytics | Measures site usage, traffic sources, page views, and events | up to 24 months | Yes, where required | Used only according to consent configuration |
| Google Ads | _gcl_au, _gcl_aw, _gcl_dc | Marketing / conversion measurement | Measures ad clicks, conversions, and campaign attribution | 90 days to 6 months | Yes, where required | Used for Google Ads conversion tracking and attribution |
| Google advertising services | IDE, NID, ANID, 1P_JAR, AEC, Google ad identifiers | Marketing / security | Supports ad delivery, frequency control, fraud prevention, and remarketing where enabled | session to 13 months | Yes for advertising and remarketing where required | Exact cookies depend on Google services and browser context |
| Google Tag Manager | Tag execution state and consent-aware tag behavior | Essential / analytics / marketing depending tag | Loads and manages website tags according to consent settings | session or according to loaded tags | Depends on the tag | GTM itself may load other tags listed in this table |
| Plausible Analytics | Usually no standard cookie in cookieless mode; optional site configuration identifiers | Analytics | Privacy-friendly aggregate traffic measurement | none in cookieless mode; otherwise configuration-dependent | Usually no for cookieless aggregate mode; yes if configured with identifiers requiring consent | Plausible is typically configured without cookies |
| PostHog | ph_*, posthog_*, local storage identifiers | Analytics / product analytics | Helps understand product usage, funnel behavior, and website interactions | 12 months to 24 months | Yes, where required | Exact names depend on project configuration |
| Clerk | __session, clerk_*, session/local storage identifiers | Authentication / essential | Provides account login, session management, and protected page access | session to 12 months | No when necessary for account access | Required where user accounts or protected sessions are enabled |
| Stripe | __stripe_mid, __stripe_sid, m, payment security identifiers | Payment / security | Fraud prevention, payment security, checkout reliability, and transaction authentication | 30 minutes to 12 months | No where strictly necessary for payment and fraud prevention | Set by Stripe during payment and fraud-prevention flows |
| Worldline | Worldline payment session cookies, fraud identifiers, transaction session storage | Payment / security | Payment session continuity, fraud prevention, payment authentication, and checkout security | session to 13 months | No where strictly necessary for payment and fraud prevention | Exact names depend on Worldline configuration |
| CodexFlow | codexflow_session, codexflow_access, secure access tokens, local preference storage | Essential / authentication / delivery | Maintains protected access pages, license delivery state, download access, and security | session to 12 months | No where necessary for requested service | Access tokens should be scoped, time-limited, and protected |
| CodexFlow | codexflow_preferences, interface or documentation preferences | Preferences | Remembers non-essential website preferences | 6 months to 12 months | Yes where required | May not be present in all deployments |
| Email and support tools | Support session identifiers and anti-abuse cookies | Essential / support | Enables support requests, form protection, and abuse prevention | session to 12 months | No where necessary for security; yes for non-essential analytics | Exact names depend on provider configuration |
| Security and hosting providers | Load-balancing, firewall, bot-protection, and rate-limit cookies | Essential / security | Protects website availability, prevents abuse, and supports secure delivery | session to 12 months | No where strictly necessary | Names depend on hosting and security provider configuration |
7. Third-party cookies
Some third-party providers may set cookies or similar identifiers when their services are loaded. This can include Google, Stripe, Worldline, Clerk, Cookiebot, Plausible, PostHog, hosting providers, and security providers. Third-party cookies are governed by the relevant provider’s own notices in addition to CodexFlow policies.
8. Analytics and advertising compatibility
CodexFlow intends to keep analytics and advertising compatible with EU privacy expectations by using a consent-management layer, honoring user choices, and separating essential checkout/security cookies from optional analytics and marketing technologies.
Google Ads conversion tracking, remarketing, Customer Match, enhanced conversions, GA4, and similar features should be used only where the relevant consent and disclosure requirements are satisfied.
9. Managing cookies in your browser
You can delete or block cookies through browser settings. If you block essential cookies or local storage, parts of the website may stop working, including checkout, payment authentication, login, protected access pages, consent preferences, or secure downloads.
10. Changes to this Policy
CodexFlow may update this Cookies Policy when providers, tools, consent mechanisms, or website features change.