Legal
Cookie Policy
Effective date: April 24, 2026
Kabinary LLC ("we", "us", "Boundrify") is committed to minimal, purposeful use of cookies and similar local-storage technologies. This page lists everything we set on your device when you visit https://boundrify.com or use the Services.
1. What are cookies?
Cookies are small text files saved by your browser. "Local storage" and "session storage" are similar browser-side storage mechanisms. We use local storage rather than cookies for our authentication tokens, but the two are treated equivalently under French law and the GDPR ePrivacy directive.
2. Strictly necessary storage
These items are required for the Services to function. You cannot opt out — disabling them will make sign-in impossible. Under the ePrivacy directive, they do not require consent.
| Name | Type | Purpose | Duration |
|---|---|---|---|
| boundrify_access_token | localStorage | JWT used to authenticate API requests | 60 minutes |
| boundrify_refresh_token | localStorage | Renews the access token when it expires | 7 days |
| boundrify_user | localStorage | Caches your profile for instant UI rendering | Until sign-out |
| boundrify_trusted_device | localStorage | Skips the 2FA prompt on devices you have marked as trusted | 30 days |
| locale, column preferences, … | localStorage | UI preferences (language, table layout, recently viewed items) | 1 year |
3. Audience measurement (no consent required)
We use Plausible Analytics, self-hosted on our own infrastructure. Plausible does not set cookies, does not collect personal data, and does not track users across sites. It generates aggregate, daily-rotated anonymous counters. The CNIL explicitly exempts this class of audience measurement from the consent requirement (CNIL guidance #16).
4. Error reporting
Sentry records frontend crashes so we can diagnose bugs. It may set a short-lived session identifier to group related events, but we have disabled personal-data collection (sendDefaultPii: false) and session replay. Error reports never include your form data.
5. Third-party cookies on embedded forms
Some operations rely on third parties that may set cookies under their own domain:
- Stripe — during checkout, to prevent card fraud. Governed by Stripe's own privacy policy.
- Google reCAPTCHA — on the waiting-list sign-up form, to block bots. Governed by Google's privacy policy.
6. What we do NOT use
- No Google Analytics
- No Facebook Pixel
- No advertising cookies
- No cross-site tracking
- No fingerprinting
- No session replay
Because we only use strictly necessary storage and consent-exempt audience measurement, no cookie banner is displayed. If this ever changes (for example, if we add an advertising pixel), we will ask for your consent beforehand.
7. Managing cookies
Every browser lets you delete or block cookies and local storage. Doing so on boundrify.com will sign you out and clear your local preferences, but you can still browse and re-sign-in. Instructions:
8. Contact
Questions about this Cookie Policy: [email protected].
See also: Privacy Policy.