Cookie Policy
Effective Date: [TO BE COMPLETED BY COUNSEL BEFORE PUBLICATION]
Last Updated: February 26, 2026
1. What Are Cookies?
Cookies are small text files placed on your device (computer, smartphone, or tablet) when you visit a website. They are widely used to make websites work, to remember your preferences, and — in some cases — to collect information about your browsing behavior.
NSuite Solo uses cookies and similar browser-based storage technologies. This Cookie Policy explains exactly what we use, why, and what controls you have.
2. Our Approach to Cookies
NSuite Solo is built with a minimal footprint philosophy:
- We use exactly one first-party cookie, and it is strictly necessary for the platform to function.
- We use no analytics cookies.
- We use no advertising or tracking cookies.
- We use no cross-site tracking.
- Third-party cookies from Stripe are present only on public invoice payment pages, operated by Stripe for fraud prevention purposes.
3. First-Party Cookies We Set
3.1 access_token — Authentication Cookie
| Cookie Name | access_token |
|---|---|
| Category | Strictly Necessary |
| Party | First-Party (set by NSuite Solo) |
| Purpose | Authentication. Contains your signed JSON Web Token (JWT), which identifies your logged-in session. Without this cookie, the platform cannot verify your identity and you will not be able to access any protected features. |
| Data Stored | Signed JWT containing your user ID, email address, and assigned roles. The token is cryptographically signed, so it cannot be altered without invalidating the signature. |
| Duration | 7 days from login (or registration). The cookie is deleted immediately on logout. |
| HttpOnly | Yes — the cookie is inaccessible to client-side JavaScript. This protects against cross-site scripting (XSS) attacks. |
| Secure | Yes (production only) — the cookie is only transmitted over HTTPS. |
| SameSite | Lax — protects against cross-site request forgery (CSRF) in most scenarios. |
| Set by | Next.js Server Actions on login and registration |
| Deleted by | Server Action on logout; browser upon expiry |
Legal basis: This cookie is strictly necessary for providing the service you have requested. Under the ePrivacy Directive (Recital 66) and UK ICO guidance, strictly necessary cookies are exempt from prior consent requirements. The cookie banner serves as a transparency notice, not a consent request.
4. Third-Party Cookies
4.1 Stripe Cookies — Invoice Payment Pages Only
When you access a public invoice payment page (/pay/[businessId]/invoice/[token]), NSuite Solo loads Stripe's JavaScript library (js.stripe.com/v3/) to render the payment form. Stripe is solely responsible for the cookies it sets.
| Cookie Name | Operator | Category | Purpose | Duration |
|---|---|---|---|---|
| __stripe_mid | Stripe, Inc. | Strictly Necessary (Fraud Prevention) | Machine identifier used by Stripe to distinguish devices and detect fraudulent activity | 1 year |
| __stripe_sid | Stripe, Inc. | Strictly Necessary (Fraud Prevention) | Session identifier used by Stripe for fraud detection within a browsing session | 30 minutes |
These cookies are only set on invoice payment pages (/pay/). They are governed exclusively by Stripe's Privacy Policy and Stripe's Cookie Settings. NSuite Solo does not have control over what cookies Stripe sets or how long they persist.
5. Browser Local Storage
In addition to cookies, NSuite Solo uses your browser's localStorage API to store lightweight UI preferences. Unlike cookies, localStorage data is never transmitted to our servers, is accessible only within your browser, and is readable only by client-side JavaScript on the same origin. We do not store any personal information in localStorage.
5.1 theme — Dark/Light Mode Preference
| Key | theme |
|---|---|
| Values | "dark" or "light" |
| Purpose | Remembers your dark or light mode display preference so it is applied consistently across sessions. |
| Contains PII | No |
| Duration | Persistent (until manually cleared or browser data is cleared) |
5.2 cal:sidebar:collapsed — Calendar Sidebar State
| Key | cal:sidebar:collapsed |
|---|---|
| Values | "true" or "false" |
| Purpose | Remembers whether you have collapsed the appointment calendar sidebar. Preserves your layout preference between visits. |
| Contains PII | No |
| Duration | Persistent (until manually cleared or browser data is cleared) |
6. Session Storage
We do not use sessionStorage anywhere in the NSuite Solo application. No data is stored in sessionStorage.
7. Analytics and Tracking Technologies
We confirm the following tracking technologies are not used on NSuite Solo: Google Analytics / GA4, Google Tag Manager, Meta (Facebook) Pixel, Mixpanel, PostHog, Amplitude, Segment, Hotjar / FullStory, Intercom / Crisp / live chat, advertising / retargeting pixels, and cross-site tracking identifiers. No behavioral analytics, session recording, heatmapping, or advertising profiling technologies are integrated.
8. Fonts and Remote Resources
NSuite Solo uses the Geist and Geist Mono typefaces (by Vercel). These are loaded through Next.js's built-in font optimization, which self-hosts the font files at build time and serves them from NSuite's own domain. No runtime requests are made to fonts.googleapis.com or any external font CDN. No font-based tracking occurs.
9. Your Cookie Controls
9.1 Browser Settings
You can control and delete cookies through your browser settings. Most browsers allow you to view and delete individual cookies, block all cookies (note: this will break authentication on NSuite Solo), block third-party cookies, and set preferences for specific sites.
Important: Blocking the access_token cookie will prevent you from logging in to NSuite Solo. The authentication cookie is strictly necessary for the platform to function. We cannot provide an opt-out for this cookie.
9.2 In-App Cookie Banner
On your first visit to NSuite Solo (before logging in), a cookie notice banner is displayed. This banner informs you about the access_token authentication cookie and Stripe's cookies on payment pages, links to this Cookie Policy for full details, and is dismissed by clicking the acknowledgment button. Your dismissal is stored in localStorage["cookie-notice-dismissed"].
This banner is a transparency notice, not a consent gate. Because the only first-party cookie is strictly necessary for authentication, no consent choice is offered or required under applicable ePrivacy law.
9.3 Stripe Cookie Opt-Out
To manage Stripe's cookies, visit stripe.com/cookie-settings. NSuite Solo does not have the technical ability to control Stripe's cookies on Stripe-loaded payment pages.
10. Do Not Track (DNT)
NSuite Solo does not currently respond to browser-level "Do Not Track" (DNT) signals. Because we do not engage in cross-site tracking or behavioral advertising, DNT is not operationally relevant to our platform. We remain open to adopting Global Privacy Control (GPC) signals as they become legally required in applicable jurisdictions.
11. Changes to This Cookie Policy
We will update this Cookie Policy if we introduce new cookies, storage keys, or tracking technologies. When we make material changes, we will update the "Last Updated" date at the top of this document and notify registered Operators by email.
12. Contact Us
For questions about this Cookie Policy or our data practices:
[COMPANY NAME]
Attn: Privacy
[COMPANY ADDRESS]
Email: [PRIVACY CONTACT EMAIL]
For Stripe-specific cookie inquiries, contact Stripe at stripe.com/privacy.
Appendix A — Complete Cookie and Storage Inventory
Cookies
| Name | Type | Party | Category | Duration | Pages | PII? |
|---|---|---|---|---|---|---|
| access_token | HTTP Cookie | First-Party | Strictly Necessary | 7 days | All authenticated pages | Yes (user ID, email, roles in JWT payload) |
| __stripe_mid | HTTP Cookie | Third-Party (Stripe) | Strictly Necessary (Fraud Prevention) | 1 year | /pay/ pages only | No (device identifier) |
| __stripe_sid | HTTP Cookie | Third-Party (Stripe) | Strictly Necessary (Fraud Prevention) | 30 minutes | /pay/ pages only | No (session identifier) |
Local Storage
| Key | API | Category | Duration | Pages | PII? |
|---|---|---|---|---|---|
| cookie-notice-dismissed | localStorage | Functional / UI State | Persistent | All pages | No |
| theme | localStorage | Functional / UI Preference | Persistent | All pages | No |
| cal:sidebar:collapsed | localStorage | Functional / UI State | Persistent | Appointments dashboard | No |
Session Storage
None.