Cookie Policy — RYPL

Cookie Policy — RYPL

Last updated

This Cookie Policy explains how Rypl (“we”, “us”, “our”) uses cookies and similar technologies on rypl.is and related sub-domains (including www.rypl.is and app.rypl.is) (collectively, the “Site”). For broader data processing, see our Privacy Policy.

Questions: privacy@rypl.is.

1) What are cookies?

Cookies are small text files placed on your device. We also use related technologies such as localStorage, sessionStorage, and pixels/SDKs. Some cookies are strictly necessary for the Site to function; others support analytics, marketing, or product improvement.

2) How cookies are set

Cookies may be placed when you visit or interact with our Site. We use Cloudflare Zaraz and similar technologies to deliver essential features, load third-party tools (such as Google Analytics and Meta Pixel), and process payments.

  • Essential cookies (security, login, payments) are always set.
  • Analytics and marketing cookies may also load automatically when you use the Site, as part of our legitimate interest in improving and promoting our services.

You can control cookies at any time via your browser settings or privacy tools such as Global Privacy Control (GPC). Blocking essential cookies may prevent sign-in, checkout, or secure access.

3) Cookies we use

A) Essential (strictly necessary)

Used to provide the Site and app securely. Cannot be switched off.

  • Session / authentication tokens — keep you signed in (HttpOnly, Secure, CSRF tokens). Retention: session or up to 30 days.
  • Security & performance (Cloudflare) — e.g., cf_clearance, __cf_bm for bot management and performance. Retention: 30 minutes – 1 year (vendor-controlled).
  • Feature/config cookies — UI preferences, plan gating, language, or A/B assignments. Retention: session to 12 months.
  • Payments (Lemon Squeezy Checkout) — cookies set on *.lemonsqueezy.com for payment processing, fraud prevention, checkout state, and VAT compliance. Retention: session to 12 months.

B) Analytics (legitimate interest)

Help us understand how the Site is used and improve features.

  • Google Analytics 4_ga (~2 years), _ga_* (~2 years), _gid (~24h). We use IP anonymization/region controls where available.
  • (Optional) Hotjar_hjSessionUser_* (~1 year), _hjSession_* (~30 minutes), for UX insights (not keystrokes/passwords).

C) Marketing (legitimate interest)

Help us measure ads and build audiences on external platforms.

  • Meta Pixel (Facebook)_fbp (~3 months) for attribution, audiences, and campaign measurement.

Vendors may be added or changed over time. The list above is illustrative, not exhaustive.

4) LocalStorage / sessionStorage

We may store non-sensitive preferences (UI state) in localStorage/sessionStorage. Authentication tokens are not stored there; they are kept in secure cookies whenever possible.

  • Essential cookies: our legitimate interest in delivering a secure, functioning service.
  • Analytics & Marketing cookies: our legitimate interest in improving, securing, and promoting the Service. Where required by law, your continued use of the Site may be treated as consent. You may disable non-essential cookies anytime via your browser or vendor opt-out tools.

6) International transfers

Vendors (e.g., Google, Meta, Cloudflare, Lemon Squeezy) may process data in multiple countries. We rely on applicable safeguards (e.g., SCCs) as described in our Privacy Policy.

7) How to control cookies

  • Browser controls — block or delete cookies in your browser. Blocking essential cookies may break the Site (login, checkout, payments).
  • Privacy tools — use Global Privacy Control (GPC) or vendor tools (e.g., Google Analytics Opt-Out Add-on, Meta Ads settings).
  • Do Not Track (DNT) — not reliably supported across vendors; we rely on browser/GPC settings instead.
  • Session token (e.g., __Host-rypl_session) — Essential — Keeps you signed in — Session / up to 30 days
  • cf_clearance, __cf_bm — Essential — Cloudflare security/bot management — 30 min – 1 year
  • Lemon Squeezy checkout cookies — Essential — Payment processing/fraud prevention — Session to 12 months
  • _ga, _ga_* — Analytics — Google — Distinguish users/sessions — Up to 2 years
  • _gid — Analytics — Google — 24-hour user distinction — 24h
  • _fbp — Marketing — Meta — Ad attribution/audiences — ~3 months
  • _hjSessionUser_*, _hjSession_* (if used) — Analytics — Hotjar — UX insights — 30 min – 1 year
  • No warranty — This Policy is provided “as is” and may change as our Site, vendors, or laws evolve.
  • Vendor variability — Third-party cookie names, lifetimes, and purposes can change without our control; examples are illustrative, not exhaustive.
  • Limitation of liability — To the maximum extent permitted by law, we disclaim liability for indirect or consequential losses from reliance on this Policy. Liability is otherwise limited as set out in our Terms of Service.
  • Conflicts — If this Policy conflicts with the Privacy Policy or Terms, the more specific document controls; otherwise, the Terms prevail.

10) Updates

We may update this Policy to reflect technology, vendors, or legal changes. Updates will be posted here with a new date. Material changes may be notified via the Site. Continued use after updates constitutes acceptance.

Contact: privacy@rypl.is


Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org