Cookie Policy
Last updated: May 16, 2026
This Cookie Policy explains how Haltless Kft. ("Haltless", "we") uses cookies and similar technologies on the Haltless marketing website at haltless.io and in the Haltless application at app.haltless.io (together, the "Site"). It complements the Haltless Privacy Policy and the Terms of Service and should be read together with them. Where this Cookie Policy uses terms defined in those documents, those definitions apply.
1. About this policy
This policy describes what cookies and similar technologies are, which categories Haltless uses, the specific cookies and storage items set on the marketing website and in the application, how we ask for your consent where required, and how you can review and change your choices at any time. We aim to be accurate, but the exact list of cookies in use may evolve as we add or remove features; we update this page when material changes occur.
2. What are cookies and similar technologies?
Cookies are small text files that a website places on your device when you visit. They store information that the website can read back on later visits. We also use other technologies that act in a similar way:
- HTTP cookies: small text files set by a domain you visit (first-party cookies) or by a third party loaded on that page (third-party cookies).
- Local storage and session storage: key-value data stored in your browser by JavaScript running on the Site. We use these mainly for application state, such as your theme or language preference.
- Pixels and tracking tags: tiny images or scripts that report a page view back to a service. We currently use these only for analytics on the marketing website, where consent has been given.
- SDK identifiers and device identifiers: where you install a Haltless mobile or desktop client, that client may store an identifier locally to keep you signed in. The Edge Agent installed on your industrial network does not use cookies.
3. Categories we use
We group the technologies described above into four categories so you can make a clear choice. The category determines whether your consent is required.
| Strictly necessary | Required to deliver the Site and the application. Examples: keeping you signed in, protecting against cross-site request forgery, remembering your cookie preferences, and verifying that you are not an automated bot on the contact form. These are always active and cannot be switched off, because the Site would not function without them. Consent is not required. |
|---|---|
| Preferences | Remember choices you have made so the Site behaves the way you expect. Examples: language, theme, and remembered devices for multi-factor authentication. These are set only after you make the choice that requires them or after you accept this category. |
| Analytics | Help us understand how visitors use the marketing website so we can improve content and performance. Examples: page views, approximate location at country level, device type, and the source that brought you to the Site. These are set only with your consent on the marketing website. We do not use analytics inside the authenticated application. |
| Marketing | Allow us to measure the effectiveness of campaigns or to show you Haltless content on third-party platforms. We do not currently run cross-context behavioural advertising. If we add marketing cookies in the future, they will be set only with your consent. |
4. Cookies on the Haltless marketing website
The table below lists the cookies and storage items used on haltless.io. The cookie name is the technical identifier as set in your browser; the provider identifies the party that sets the item; the category determines whether consent is required; the duration is the maximum lifetime of the item.
| Name | Provider | Purpose | Category | Duration |
|---|---|---|---|---|
| haltless_consent | Haltless (first-party) | Stores your cookie preferences (accepted or declined categories) so we do not ask again on every page load. | Strictly necessary | 12 months |
| haltless_lang | Haltless (first-party) | Remembers the language you selected for the marketing website so we serve it consistently across pages. | Preferences | 12 months |
| _ga, _ga_<container> | Google LLC (Google Analytics 4) | Used to distinguish unique visitors and to measure aggregated traffic to the marketing website. IP addresses are truncated; we do not use this data to identify you personally. | Analytics | 24 months |
| _grecaptcha | Google LLC (reCAPTCHA) | Helps us distinguish humans from automated submissions on the contact form. Set only when the contact form is loaded. | Strictly necessary | 6 months |
| haltless_utm | Haltless (first-party) | Holds UTM campaign parameters from the URL so the sign-up form can attribute the visit to a campaign. Read once at sign-up. | Marketing | 30 days |
We do not embed advertising networks, social-media trackers, or session-replay tools on the marketing website.
5. Cookies and storage in the Haltless application
When you sign in to app.haltless.io, the application uses the items below. All of these are strictly necessary or preferences. We do not run analytics inside the authenticated application.
| Name | Provider | Purpose | Category | Duration |
|---|---|---|---|---|
| haltless_session | Haltless (first-party) | HMAC-SHA256 signed session token that keeps you signed in and binds requests to your account. Marked Secure, HttpOnly, and SameSite=Lax. | Strictly necessary | Up to 30 days, revoked on logout |
| haltless_csrf | Haltless (first-party) | Cross-site request forgery token paired with the session, required to submit state-changing forms in the application. | Strictly necessary | Session, refreshed on each request |
| haltless_mfa_remember | Haltless (first-party) | Remembers that you completed multi-factor authentication on this device, so you are not prompted on every sign-in. | Strictly necessary | 30 days |
| haltless_theme | Haltless (first-party, local storage) | Remembers your light or dark theme choice so the application opens the way you left it. | Preferences | 12 months |
| haltless_locale | Haltless (first-party, local storage) | Remembers the language you selected inside the application. | Preferences | 12 months |
Because the application is a business tool that you cannot reach without first authenticating, ePrivacy strictly-necessary exemptions apply to the cookies used to maintain that authenticated session. We do not present a consent banner inside the authenticated application, but the items above are disclosed here in full.
6. Edge Agent
The Haltless Edge Agent is a service that runs on Customer-controlled infrastructure inside the Customer's industrial network. It does not use cookies, browser local storage, or web tracking technologies. The Edge Agent communicates with Haltless servers over an authenticated, TLS-protected channel and is configured by the Customer. Its data handling is described in the Privacy Policy and in the Data Processing Addendum, not in this Cookie Policy.
7. How we ask for consent
On the marketing website, when you visit from a region that requires prior consent (including the European Economic Area, the United Kingdom, and Switzerland), we show a consent banner before any non-essential storage or access takes place. The banner offers granular choice by category. Refusing non-essential categories is as easy as accepting them, in line with the guidance of the European Data Protection Board and the French CNIL. Strictly necessary items continue to operate either way, because the Site cannot function without them.
You can change your preferences at any time using the "Cookie preferences" link in the footer of the marketing website. Changing your preferences applies immediately to subsequent page loads; items already set will be cleared the next time you load a page where the banner is available. Withdrawing consent is as straightforward as giving it and does not affect the lawfulness of processing carried out before the withdrawal.
8. Legal basis
Where the General Data Protection Regulation, the UK GDPR, the Swiss Federal Act on Data Protection, or equivalent law applies, we rely on your consent under Article 5(3) of the ePrivacy Directive (and national transpositions) for non-strictly-necessary cookies and similar technologies. For strictly necessary items we rely on the exemption in Article 5(3) and on our legitimate interest in operating a secure and functional Site under Article 6(1)(f) of the GDPR.
Where the California Consumer Privacy Act applies, we treat your interactions with the cookie banner and any Global Privacy Control signal you send as the choices that drive whether non-essential cookies are set, and whether cross-context behavioural advertising would be permitted. We currently do not engage in cross-context behavioural advertising or sell personal information.
9. Third parties and international transfers
Some of the cookies described above are set by third-party providers that act as independent controllers for their own measurement and security purposes. Where they receive personal data, those providers are listed in the Sub-processor list in Annex III of the Data Processing Addendum and on haltless.io/security. The most relevant third-party providers for cookies and similar technologies are Google LLC (Google Analytics 4, reCAPTCHA), and, where applicable, our content-delivery and DDoS protection partner used for the marketing website.
When you accept analytics on the marketing website, your interaction data may be transferred to the United States or another country outside the European Economic Area. Where that recipient is certified under the EU-US Data Privacy Framework, the transfer relies on that framework. Otherwise, the transfer relies on the European Commission Standard Contractual Clauses (Module One) together with the supplementary safeguards we describe in the Data Processing Addendum and in our public security documentation.
10. Do Not Track and Global Privacy Control
We treat the Global Privacy Control (GPC) signal as a valid opt-out of sale and sharing of personal information under the California Consumer Privacy Act and as a request to refuse non-essential cookies on the marketing website. Browsers and browser extensions that send GPC will be recognised automatically. We do not currently act on the legacy "Do Not Track" header, because it has no agreed legal meaning, but if you send GPC we treat that as the controlling preference.
11. California rights
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you specific rights with respect to cookies and similar technologies, including the right to opt out of "sale" and "sharing" of personal information and to limit the use of sensitive personal information. We do not sell personal information collected on the Site, and we do not share it for cross-context behavioural advertising. The cookies described in this policy do not, in our current configuration, constitute a sale or sharing of personal information under the CCPA.
You may exercise your CCPA rights by changing your preferences in the cookie banner, by sending a GPC signal, or by contacting us at privacy@haltless.io. We will not discriminate against you for exercising any of these rights.
12. China and other jurisdictions
For visitors in mainland China, the Personal Information Protection Law applies to any personal information processed through cookies on the marketing website. Where required, we ask for separate consent before any cross-border transfer of personal information, and we rely on the China Standard Contract for Cross-border Transfer of Personal Information for transfers outside the People's Republic of China, as described in the Data Processing Addendum.
For visitors in jurisdictions including Japan, Singapore, South Korea, India, Australia, and Brazil, we apply the consent standard that applies under local law. In practice this means non-essential cookies are presented on a consent basis, the strictly necessary category is disclosed but not subject to consent, and you can change your choices at any time as described in Section 7.
13. Retention
The Duration column in the tables above states the maximum lifetime of each item, after which it is automatically deleted by your browser or by the application. Where you clear your browser data, withdraw consent, or use a private browsing mode, items may be removed earlier. Server-side records of the events that the cookies enable (for example, audit logs of authentication) are retained under the timelines set out in the Haltless Privacy Policy and the Data Processing Addendum.
14. Managing cookies in your browser
You can also control cookies directly in your browser. Disabling strictly necessary cookies may break parts of the Site, including sign-in. The following links point to current vendor documentation for the most common browsers:
- Google Chrome: Settings, Privacy and security, Third-party cookies.
- Mozilla Firefox: Settings, Privacy and Security, Cookies and Site Data.
- Apple Safari (macOS or iOS): Settings, Privacy.
- Microsoft Edge: Settings, Cookies and site permissions, Manage and delete cookies and site data.
- Opera: Settings, Privacy and security, Cookies and other site data.
- Brave: Settings, Shields, Cross-site cookies and Site and shield settings.
15. Updating your preferences
You can review and change your cookie preferences at any time by selecting "Cookie preferences" in the footer of the marketing website. Changing your selection takes effect immediately for future page loads. Inside the Haltless application, no consent-based cookies are used, so there is no preference toggle inside the product.
16. Changes to this policy
We may update this Cookie Policy from time to time to reflect changes in technology, regulation, or our practices. When we do, we update the "Last updated" date at the top of this page. If we add a new category of cookies or change the legal basis on which an existing item is used, we will notify you in advance through an in-product banner, an email to account administrators, or another reasonable channel, and where required we will request fresh consent before the new processing takes effect.
17. Contact
For questions about this Cookie Policy or about any of the items listed above, contact privacy@haltless.io.