Cookie Policy
Last Updated: April 11, 2026
1. Introduction
This Cookie Policy explains how Notly ("we," "our," or "us") uses cookies and similar technologies on our website and application. This policy complies with the EU ePrivacy Directive and GDPR.
2. What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and improve your experience.
Types of cookies:
- Session cookies: Temporary, deleted when you close your browser
- Persistent cookies: Remain on your device for a set period
- First-party cookies: Set by Notly
- Third-party cookies: Set by external services
3. Cookies We Use
3.1 Strictly Necessary Cookies
These cookies are essential for the Service to function. You cannot opt out of these cookies.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
auth_token | User authentication | Session/30 days | First-party |
session_id | Session management | Session | First-party |
csrf_token | Security (CSRF protection) | Session | First-party |
cookie_consent | Records your cookie preferences | 1 year | First-party |
Legal Basis: Strictly necessary for contract performance (Article 6(1)(b) GDPR)
3.2 Functional Cookies
These cookies enhance functionality and personalization. They are not strictly necessary but improve user experience.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
theme_preference | Remembers dark/light mode | 1 year | First-party |
language | Remembers language preference | 1 year | First-party |
sidebar_state | Remembers UI state | 1 year | First-party |
Legal Basis: Consent (Article 6(1)(a) GDPR) or legitimate interest (Article 6(1)(f) GDPR)
3.3 Analytics Cookies (Optional)
We use analytics cookies to understand how users interact with our Service. These are optional and require your consent.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
_ga | Google Analytics - distinguish users | 2 years | Third-party |
_gid | Google Analytics - distinguish users | 24 hours | Third-party |
_gat | Google Analytics - throttle requests | 1 minute | Third-party |
Data Collected (anonymized):
- Pages visited
- Time spent on pages
- Device and browser type
- General location (city/country level)
- Referral source
Legal Basis: Consent (Article 6(1)(a) GDPR)
3.4 Marketing Cookies
Currently, we do not use marketing or advertising cookies. If we introduce them in the future, we will update this policy and request your consent.
4. Local Tier - No Cookies
If you use Notly Local Tier (without creating an account):
- We do not set any cookies
- No data is transmitted to our servers
- No tracking or analytics occur
- Your usage is completely private
5. Third-Party Cookies
We use limited third-party services:
Google Analytics (optional):
- Privacy Policy: https://policies.google.com/privacy
- Opt-out: https://tools.google.com/dlpage/gaoptout
Payment Processors (Stripe/PayPal):
- Only active during checkout process
- Subject to their own privacy policies
- We do not control their cookies
6. Other Tracking Technologies
6.1 Local Storage
We use browser local storage for:
- Caching user preferences
- Offline functionality
- Reducing server requests
Local storage data remains on your device and is not transmitted to our servers.
6.2 Session Storage
Used for temporary data during your browsing session, cleared when you close the browser.
6.3 Web Beacons
We do not currently use web beacons or tracking pixels. If introduced, we will update this policy.
7. Managing Your Cookie Preferences
7.1 Cookie Consent Banner
When you first visit Notly, you'll see a cookie consent banner where you can:
- Accept all cookies
- Reject optional cookies (only essential cookies will be used)
- Customize your preferences (choose which categories to allow)
7.2 Cookie Settings
You can change your preferences at any time:
- Click "Cookie Settings" in the footer
- Visit your account settings
- Manage preferences in the cookie banner
7.3 Browser Controls
You can control cookies through your browser settings:
Chrome: Settings → Privacy and Security → Cookies Firefox: Settings → Privacy & Security → Cookies and Site Data Safari: Preferences → Privacy → Cookies and website data Edge: Settings → Cookies and site permissions
Note: Blocking essential cookies may prevent you from using the Service.
7.4 Opt-Out Tools
- Google Analytics: https://tools.google.com/dlpage/gaoptout
- Network Advertising Initiative: https://optout.networkadvertising.org/
- Your Online Choices (EU): https://www.youronlinechoices.com/
8. Do Not Track (DNT)
We respect Do Not Track signals. When DNT is enabled:
- We disable optional analytics cookies
- Only essential cookies are used
- No behavioral tracking occurs
9. Mobile Applications
Our mobile apps use similar technologies:
- Device identifiers (for authentication and security)
- Local storage (for offline functionality)
- Analytics (optional, can be disabled in settings)
All mobile data collection follows the same principles as web cookies.
10. Updates to This Cookie Policy
We may update this policy to reflect:
- Changes in cookie usage
- New features or services
- Legal requirements
- User feedback
Material changes will be notified via:
- Email (for registered users)
- In-app notification
- Updated "Last Updated" date
Your continued use after changes constitutes acceptance.
11. Your Rights
Under GDPR, you have rights regarding cookies and tracking:
- Right to information: This policy provides transparency
- Right to consent: You can accept or reject optional cookies
- Right to withdraw: Change your preferences at any time
- Right to object: Block cookies via browser settings
12. Contact Us
For questions about our cookie practices:
- Email: privacy@getnotly.com
- Cookie Settings: Available in footer and account settings
13. Supervisory Authority
If you're in the EU and have concerns about our cookie practices, you can contact your local data protection authority.
14. Technical Details
14.1 Cookie Lifespan
- Session cookies: Deleted when browser closes
- Persistent cookies: Vary by type (see tables above)
- Maximum duration: 2 years for any persistent cookie
14.2 Data Security
- Cookies containing sensitive data are encrypted
- HTTPS-only cookies (secure flag set)
- SameSite attribute configured to prevent CSRF attacks
14.3 Cookie Consent Record
We maintain a record of your consent choices, including:
- Timestamp of consent
- Version of cookie policy accepted
- Categories of cookies consented to
- Consent withdrawal (if applicable)
This record is kept for compliance purposes per Article 7(1) GDPR.