Cookie Policy
Last updated
1. Introduction
This policy explains the small amount of information Verdly stores on your device, and why.
We’ve written it as a “Cookies & Local Storage Policy” rather than a “Cookie Policy” because, in our case, the second name fits better — we don’t use traditional tracking cookies, but we do rely on your browser’s local storage to keep you signed in and remember a few preferences. Under UK and EU regulations (the Privacy and Electronic Communications Regulations and the GDPR), the rules for cookies, local storage, session storage, and similar technologies are the same. So we treat them the same here.
If you’ve read our Privacy Policy, this document complements it by focusing specifically on what we store directly in your browser.
2. Our approach
Verdly is built around the idea that your financial information is yours. That principle shapes what we store on your device:
- No advertising cookies. Verdly carries no ads and no advertising trackers.
- No third-party analytics. We don’t use Google Analytics, Meta Pixel, Mixpanel, PostHog, Hotjar, or any equivalent. We don’t profile you, and we don’t share behavioural data with anyone.
- No cross-site tracking. Nothing we store can be used to follow you around the web.
- Only what’s needed. The items below are limited to keeping you signed in, remembering settings you’ve explicitly chosen, and protecting the service from abuse.
This means we don’t need a cookie consent banner. There is nothing to “reject all” because we’ve never set it in the first place.
3. What we store on app.verdly.io
3.1 Strictly necessary
These are required for the app to work. Without them, you can’t sign in or complete the actions you’ve asked Verdly to perform.
| Item | Where it’s stored | Purpose | Lifetime |
|---|---|---|---|
| Authentication tokens | Local storage (set by AWS Cognito) | Keeps you signed in across page reloads. Stored under keys beginning CognitoIdentityServiceProvider.* | Until you sign out or clear your browser data; refresh token expires after ~30 days of inactivity |
| Onboarding draft | Local storage (verdly.onboarding.draft) | Preserves your signup form if you reload the page mid-way. Contains details you’ve entered during onboarding, including name, country, currency, date of birth, retirement age, salary, and your first milestone | Cleared automatically when you complete onboarding |
| Email re-send cooldown | Session storage (auth-resend-cooldown:*) | Prevents accidental repeated requests for verification or password-reset emails. Your email address is hashed before being used as a key — we don’t store it in readable form | The current browser tab session |
3.2 Preferences
These remember UI settings you’ve explicitly turned on. They contain no personal data, are never transmitted to third parties, and are scoped to your browser on the current device.
| Item | Where it’s stored | Purpose | Lifetime |
|---|---|---|---|
| AI Insights opt-in | Local storage (insights_enabled) | Remembers whether you’ve enabled AI Insights | Persistent until you clear browser data |
| Theme | Local storage (dark_mode) | Remembers whether you prefer light or dark mode | Persistent until you clear browser data |
| Dashboard layout | Local storage (dashboard.*) | Remembers dashboard toggles you’ve set, such as whether milestones are visible | Persistent until you clear browser data |
We treat these as strictly necessary on the basis that each one only exists because you actively flipped a toggle to enable it. If you’d rather not have them set, you can simply leave the relevant settings at their defaults.
4. What we store on verdly.io (marketing site)
Nothing.
The Verdly marketing site sets no cookies, writes to no local or session storage, and loads no analytics, advertising, or tracking scripts of any kind.
5. Third-party services we use
5.1 Cloudflare
We use Cloudflare as our CDN and security layer. Cloudflare may set a small number of cookies on verdly.io and app.verdly.io to protect the site from abuse:
| Cookie | Purpose | Lifetime |
|---|---|---|
__cf_bm | Distinguishes legitimate visitors from automated bots | ~30 minutes, rolling |
_cfuvid | Helps Cloudflare’s rate-limiting and bot-management features work correctly | Browser session |
cf_clearance | Set only if you’ve successfully completed a Cloudflare security challenge | Up to 1 year |
These are classified by Cloudflare as strictly necessary for the security of the service. You can read Cloudflare’s documentation on these cookies for more detail.
5.2 AWS Cognito
We use AWS Cognito for authentication. The authentication tokens listed in section 3.1 are issued by Cognito and stored in your browser’s local storage by the Cognito SDK. They are not transmitted to anyone other than Verdly’s own servers.
6. Managing what’s stored
You can clear everything Verdly has stored in your browser at any time. The exact steps depend on your browser, but in general:
- Chrome / Edge: Settings → Privacy and security → Clear browsing data → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data → Clear Data
- Safari (macOS): Safari → Settings → Privacy → Manage Website Data
- Safari (iOS): Settings → Safari → Advanced → Website Data
If you clear Verdly’s stored data, you’ll be signed out, any in-progress onboarding draft will be lost, and your preferences will reset to their defaults. Your Verdly account and all the financial data you’ve saved are unaffected — those live on our servers and are accessed separately through your account.
You can also use your browser’s developer tools (Application tab in Chrome / Edge, Storage tab in Firefox) to inspect or remove individual entries.
7. Changes to this policy
If we add new items to what we store — for example, if we introduced an optional analytics tool — we’ll update this policy and, where required by law, ask for your consent before setting anything new.
8. Contact
If you have questions about this policy, contact us at support@verdly.io.