Cookie Policy

Commerce OS uses cookies + browser local storage for authentication, session management, and feature persistence (e.g. remembered location selection, draft form state). We use a deliberately minimal set — no third-party advertising or cross-site tracking.

Strictly necessary: JWT session cookies, CSRF tokens, language preference. These cannot be disabled without breaking the platform.

Functional: remembered location selection, dashboard tab persistence, KDS station preference. Improve UX but the platform works without them.

Analytics: page-view + UI-event tracking via our own first-party telemetry endpoints. No third-party analytics scripts (Google Analytics, etc.).

auth-tokens (localStorage): JWT access + refresh tokens for the dashboard + POS web. Required.

commerce.kds.lastStationId (localStorage): remembered KDS station per device.

commerce.tableSession.* (localStorage): in-flight bar-tab + table-session state for offline resilience.

commerce.deviceFingerprint (cookie): device-binding for kiosk-mode terminals.

Stripe Checkout sets its own cookies on the hosted payment page during checkout. Sentry sets a session cookie if you’ve consented to crash-reporting on the marketing site (default: off). DoorDash + Uber set cookies on their tracking pages when a customer follows a delivery-status link.

No advertising-network cookies are set anywhere on Commerce OS surfaces.

You can clear cookies + local storage via your browser settings. Doing so will sign you out of any active session and clear remembered preferences.

For more granular control over telemetry, contact [email protected] to request opt-out of usage-analytics collection on your account.