Cookie Policy

Essential cookies and storage

• `clientflow_session` keeps business owners logged in for up to 30 days. It is HttpOnly, SameSite=Lax, and Secure in production.
• `trislon-analytics-consent` stores the visitor's accept or reject choice until they change it or clear browser storage.
• Local dashboard storage can save drafts and workspace preferences for the signed-in owner.

Analytics storage on mini-sites

Public mini-sites ask for analytics consent before creating a persistent visitor ID, a session ID, source/campaign context, or sending visit and interaction events to `/api/track`. Persistent analytics storage remains until it is cleared or consent is withdrawn; session storage ends with the browser session. If analytics is rejected or not chosen, lead forms can still work, but optional visits and campaign events are not tracked.

Third-party services

• Stripe may use cookies or hosted pages when a customer opens checkout or the billing portal.
• Firebase, Google, and Facebook may use their own storage when a user actively chooses social sign-in.
• Cloudflare Turnstile may be used to protect public forms from spam when configured.

Changing your choice

On public mini-sites, use the Cookie settings link in the footer to accept or reject analytics storage. Rejecting after a previous acceptance stops optional tracking and removes TRISLON's optional analytics identifiers from that browser. You can also clear site data in your browser.