Effective Date: 1 April 2026 | Version 1.0
This Cookie Policy explains how ExactFlow p.s.a. ('ExactFlow', 'we', 'us') uses cookies and similar tracking technologies when you visit www.exactflow.com or access the ExactFlow Platform. It forms part of our Privacy Policy and should be read alongside it.
This Policy is issued in compliance with:
Regulation (EU) 2016/679 (GDPR), in particular Article 6(1)(a) (consent)
Directive 2002/58/EC (ePrivacy Directive), as implemented in Polish law
Act of 16 July 2004 — Telecommunications Law (Prawo telekomunikacyjne), Art. 173
Act of 18 July 2002 on Providing Services by Electronic Means (ustawa o świadczeniu usług drogą elektroniczną)
Guidelines of the Polish Data Protection Authority (UODO) on cookies and consent
Cookies are small text files placed on your device (computer, tablet, smartphone) by websites you visit. They are widely used to make websites function efficiently, to remember your preferences, and to provide information to website owners. Cookies are not viruses or malware and do not give websites access to your device.
We also use related technologies including:
Web beacons (pixel tags) — transparent image files used to track engagement with web pages and emails
Local storage objects (HTML5) — data stored locally in your browser for session management
Session tokens — temporary identifiers used to maintain your login session
Analytics SDKs — integrated tracking tools within the Platform for usage analytics
| Category | Purpose | Legal Basis | Examples | Duration |
|---|---|---|---|---|
| Strictly Necessary | Essential for the website and Platform to function. Enable login, session management, security, and fraud prevention. Cannot be switched off. | Art. 6(1)(b) — Contract / Legitimate Interests (no consent required) | Session ID, CSRF token, load balancer | Session / up to 1 year |
| Functional / Preference | Remember your settings, language, interface preferences, and dashboard configuration. | Art. 6(1)(a) — Consent | Language setting, UI theme, widget layout | Up to 1 year |
| Analytics / Performance | Collect anonymized or pseudonymized data about how visitors use our website and Platform to improve performance and content. | Art. 6(1)(a) — Consent | Google Analytics, Hotjar, internal analytics | Up to 2 years |
| Marketing / Targeting | Track visitors across websites to deliver relevant advertising and measure campaign effectiveness. May involve sharing data with advertising partners. | Art. 6(1)(a) — Consent | Facebook Pixel, Google Ads, LinkedIn Insight Tag | Up to 2 years |
| Third-Party Integration | Placed by third-party marketplace partners and tool providers where you have enabled integrations within the Platform. | Art. 6(1)(b) — Contract performance / Consent where required | Partner API session tokens | Varies by provider |
| Cookie Name | Provider | Category | Purpose | Expiry |
|---|---|---|---|---|
| ef_session | ExactFlow | Strictly Necessary | Maintains authenticated user session on the Platform | Session |
| ef_csrf | ExactFlow | Strictly Necessary | Cross-site request forgery protection token | Session |
| ef_prefs | ExactFlow | Functional | Stores UI preferences (language, theme, dashboard layout) | 12 months |
| ef_consent | ExactFlow | Strictly Necessary | Records your cookie consent choices | 12 months |
| _ga | Google Analytics | Analytics | Distinguishes unique users for analytics reporting | 24 months |
| _ga_* | Google Analytics | Analytics | Session persistence for Google Analytics 4 | 24 months |
| _gid | Google Analytics | Analytics | Distinguishes users; stores session information | 24 hours |
| _hjSessionUser_* | Hotjar | Analytics | Identifies returning Hotjar users across sessions | 12 months |
| _hjSession_* | Hotjar | Analytics | Holds current session data for Hotjar | 30 minutes |
| _fbp | Meta (Facebook) | Marketing | Used by Facebook to deliver advertising products | 90 days |
| li_fat_id | Marketing | LinkedIn member indirect identifier for ad attribution | 30 days | |
| __hssc | HubSpot | Analytics/Marketing | HubSpot session tracker for analytics and marketing | 30 minutes |
| __hstc | HubSpot | Marketing | HubSpot visitor tracking across sessions | 6 months |
This table represents cookies in use at the time this Policy was last updated. The full and current list of cookies is available in our Cookie Consent Manager, accessible via the cookie settings icon on any page of our website.
4.1 Cookie Consent Manager
When you first visit www.exactflow.com or the Platform, you will be presented with a Cookie Consent Banner allowing you to:
Accept all cookies (including analytics and marketing)
Reject all non-essential cookies
Customize your preferences by category
Your choices are recorded in the ef_consent cookie and respected on all subsequent visits. You can change your preferences at any time by clicking the 'Cookie Settings' link in the footer of any page.
4.2 Strictly Necessary Cookies — No Opt-Out
Strictly necessary cookies cannot be disabled as they are essential for the Platform and website to function. They do not require consent under Article 5(3) of the ePrivacy Directive as they are technically necessary to provide the service you have requested.
4.3 Withdrawing Consent
You may withdraw your consent to non-essential cookies at any time through the Cookie Consent Manager. Withdrawal of consent does not affect the lawfulness of processing based on consent before withdrawal. Note that withdrawing cookie consent may affect the functionality of certain features.
4.4 Browser-Level Controls
You can also manage cookies through your browser settings. Most browsers allow you to:
View and delete existing cookies
Block all or specific cookies from being set
Receive alerts when a new cookie is placed
Please note that restricting cookies at browser level may impact the functionality of our website and Platform. For guidance, refer to your browser's help documentation. Useful resources include www.aboutcookies.org and www.allaboutcookies.org.
4.5 Opt-Out Tools for Third-Party Advertising
For third-party marketing and analytics cookies, you may additionally use the following opt-out tools:
Google Analytics: https://tools.google.com/dlpage/gaoptout
Facebook: https://www.facebook.com/settings/?tab=ads
LinkedIn: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
Your Online Choices (EU): https://www.youronlinechoices.eu/
Network Advertising Initiative: https://www.networkadvertising.org/choices/
Some cookies collect personal data or data that becomes personal data when combined with other information we hold. Where cookies involve the processing of personal data, such processing is governed by our Privacy Policy and the GDPR. The legal basis for personal data processing via cookies is:
Consent (Art. 6(1)(a) GDPR) for analytics, marketing, and functional cookies
Legitimate interests (Art. 6(1)(f) GDPR) for security and fraud-prevention purposes
Contract performance (Art. 6(1)(b) GDPR) for session management and login functionality
Where personal data is transferred to third-party providers outside the EEA (such as Google or Meta, which operate under US-based infrastructure), such transfers are subject to appropriate safeguards, including Standard Contractual Clauses (SCCs) approved by the European Commission. Further information is available in our Privacy Policy.
For registered Clients and Authorized Users accessing the Platform at app.exactflow.com, additional first-party cookies are set to manage your authenticated session, store dashboard preferences, and provide analytics on feature usage. These Platform-level cookies are:
Strictly necessary session cookies — required to maintain your login and access controls
Functional preference cookies — to remember your dashboard layout and settings
Internal analytics cookies — to help ExactFlow improve the Platform interface (pseudonymized data only)
Where applicable, ExactFlow's processing of Client Data through Platform cookies is governed by the Data Processing Agreement (DPA) executed between ExactFlow and the Client.
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, applicable law, or guidance from the UODO or other competent authorities. The date of the most recent update is displayed at the top of this document. Where changes are material, we will notify users via the Cookie Consent Manager on your next visit. We encourage you to review this Policy periodically.
For any questions about our use of cookies or this Cookie Policy, please contact:
| Data Protection Contact | privacy@exactflow.com |
| Cookie Settings | Available via the cookie icon on www.exactflow.com |
| Registered Address | ExactFlow p.s.a., Stanisława Bodycha 87, 05-816 Reguły, Poland |
| Supervisory Authority | UODO — Urząd Ochrony Danych Osobowych, ul. Stawki 2, 00-193 Warsaw | www.uodo.gov.pl |
— END OF COOKIE POLICY —