Cookie Policy

Cookies are small text files placed on your device by a website. Similar browser technologies include localStorage, sessionStorage, pixels, SDK storage, and server logs. They can remember choices, keep you signed in, protect sessions, and help operate a web service.

2.1 Strictly necessary cookies and storage

These are required for core platform functions such as authentication, security, language routing, account access, request tracking, upload handling, payment checkout redirects, and remembering your cookie choice. They cannot be disabled through the cookie banner.

• vendor_token - first-party authentication cookie for vendor portal access. Usually valid for up to 7 days, or until logout/expiry/deletion.
• NEXT_LOCALE - first-party language preference cookie. Usually valid for up to 1 year.
• cookie-consent - localStorage value that remembers whether you accepted or declined the cookie notice.
• vendorToken - localStorage authentication token used by vendor dashboard API calls. The token expires according to server settings and is cleared on logout where possible.
• vendorInfo - localStorage value with basic vendor account information for dashboard display; cleared on logout where possible.
• admin_token - localStorage authentication token for administrators; cleared on admin logout where possible.
• Upload/request security state - temporary browser or server-side state needed to submit forms, upload images, rate-limit abuse, and protect request actions.

2.2 Functional preferences

Language preference and cookie-choice memory are functional but necessary for a practical multilingual service. We may add other preference storage, such as interface settings, only where useful and proportionate.

2.3 Analytics and advertising

PoDi currently does not use advertising cookies, retargeting pixels, third-party analytics cookies, or cross-site profiling tags. If we introduce non-essential analytics or advertising technologies, we will update this policy and request consent where required.

When vendors use Stripe checkout, payment-method setup, invoices, or billing portals, Stripe may set cookies or similar technologies on Stripe-controlled domains or embedded checkout pages for payment processing, fraud prevention, compliance, and security. Stripe controls those technologies under its own notices.

Email providers, hosting providers, and geolocation/localisation providers may process server logs and request metadata, but they do not set PoDi advertising cookies through our pages in the current implementation.

The cookie banner lets you accept or decline optional cookies. Because PoDi currently uses only necessary browser storage on our pages, declining optional cookies mainly records your choice and does not disable login, language routing, security, or core platform features.

You can delete cookies and localStorage in your browser settings at any time. Doing so may log you out, reset language preferences, remove the cookie-choice record, interrupt uploads, or prevent dashboard features from working until you sign in again.

• Authentication storage: typically up to 7 days or until logout/expiry/browser deletion.
• Language preference: typically up to 1 year.
• Cookie choice: retained in localStorage until you clear browser storage or the value is replaced.
• Admin/vendor localStorage: retained until logout, token expiry, or manual browser deletion.
• Server logs related to cookies/security: retained as described in the Privacy Policy.

Questions about cookies or similar technologies can be sent to [email protected].