We use only strictly necessary cookies by default. Analytics and marketing cookies are only activated after you give explicit consent via our cookie banner. You can change or withdraw consent at any time. We do not use cookies to track you across other websites.
What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, smartphone) when you visit a website. They allow websites to remember information about your visit, such as your preferred language or consent choices. Similar technologies â including localStorage, sessionStorage, and web beacons â serve similar functions and are also covered by this policy.
Set directly by nocta.chat. Used for essential platform functionality, session management, and (with consent) analytics.
Set by third-party services integrated into our platform (e.g., Stripe for payments, analytics providers). These third parties have their own privacy policies.
Cookie Categories
These cookies are essential for the website and platform to function correctly. They cannot be disabled. They do not store any personally identifiable information beyond what is strictly necessary for the service to operate.
- Maintain your session while using the chatbot (session_id)
- Remember your cookie consent choices
- Enable secure authentication for the tenant portal and admin panel
- Prevent cross-site request forgery (CSRF protection)
- Rate limiting â prevent platform abuse
Legal basis: Art. 6(1)(b) GDPR (performance of contract) + Art. 6(1)(f) (legitimate interest in platform security). No consent required under Romanian Law 506/2004 Art. 4(5)(a) for strictly necessary technical cookies.
Analytics cookies help us understand how visitors interact with our website â which pages are most visited, where visitors come from, and how the chatbot widget performs. All data is aggregated and anonymised. No individual profiles are built.
- Page view counts and session duration
- Traffic source analysis (referrer URLs)
- Chatbot widget performance metrics
- Error tracking and platform reliability monitoring
Legal basis: Art. 6(1)(a) GDPR (consent). Active only after you accept analytics cookies via our banner. You can withdraw consent at any time.
Marketing cookies enable us to show relevant advertisements to visitors who have shown interest in nocta.chat. These are managed by third-party advertising platforms and are subject to their respective privacy policies.
- Retargeting â show nocta.chat ads after you visit the site
- Conversion tracking â measure effectiveness of advertising campaigns
- Audience building for lookalike targeting (anonymised)
Legal basis: Art. 6(1)(a) GDPR (consent). Active only after you explicitly accept marketing cookies. You can withdraw consent at any time without affecting your use of the platform.
Complete Cookie List
đ Necessary
| Name | Type | Purpose | Duration | Set by |
|---|---|---|---|---|
| nocta_session_id | Necessary | Maintains the chatbot conversation session across page loads. UUID only â no personal data. | Session (tab close) | nocta.chat (sessionStorage) |
| nocta_consent | Necessary | Stores your cookie consent choices (necessary/analytics/marketing + version + timestamp). | 13 months | nocta.chat (localStorage) |
| nocta_tenant_key | Necessary | Stores the API key for tenant portal authentication. Only present if you log into /portal. | Session (localStorage) | nocta.chat (localStorage) |
đ Analytics (requires consent)
| Name | Type | Purpose | Duration | Set by |
|---|---|---|---|---|
| _ga | Analytics | Google Analytics â distinguishes unique users. Anonymised IP. Only loaded after consent. | 2 years | Google Analytics |
| _ga_* | Analytics | Google Analytics 4 â stores and counts page views. Only loaded after consent. | 2 years | Google Analytics |
| plausible_* | Analytics | Plausible Analytics (privacy-first, cookieless) â if activated, uses no cookies. Listed for completeness. | N/A (cookieless) | Plausible.io |
đ¯ Marketing (requires consent)
| Name | Type | Purpose | Duration | Set by |
|---|---|---|---|---|
| _fbp | Marketing | Meta Pixel â identifies browsers for ad delivery and conversion tracking. Only loaded after consent. | 90 days | Meta (Facebook) |
| _gcl_au | Marketing | Google Ads â conversion tracking and remarketing. Only loaded after consent. | 90 days | Google Ads |
đŗ Payment Processor
| Name | Type | Purpose | Duration | Set by |
|---|---|---|---|---|
| __stripe_* | Necessary | Stripe payment processing â fraud detection and secure checkout. Set only when you proceed to payment. PCI-DSS required. | Session / 1 year | Stripe |
Third-Party Technologies
Third-party cookies (Google, Meta, Stripe) are controlled by their respective companies. We only activate these when you give consent (except Stripe, which is necessary for payment processing). Each third party has its own privacy policy governing their cookies. We do not control the data practices of these third parties beyond their contractual DPA obligations with us.
We load fonts from Google Fonts (fonts.googleapis.com). This sends your IP address to Google's servers. Google may set performance cookies. Google Privacy Policy â
When you access the checkout page, Stripe sets security cookies required for PCI-DSS compliant payment processing. These cannot be disabled on checkout pages. Stripe Privacy Policy â
Chat messages are processed by Anthropic/OpenAI APIs. These are server-side API calls â no cookies are set by these providers in your browser. Data is covered in our Privacy Policy.
How We Obtain Consent
On your first visit to nocta.chat, a cookie consent banner appears at the bottom of the screen. The banner provides three options:
- Accept all â enables necessary + analytics + marketing cookies
- Settings â opens a modal where you can toggle each category individually
- Reject â enables necessary cookies only (no analytics, no marketing)
- Consent is freely given â refusing does not restrict access to the platform
- Consent is specific â separate toggle for analytics vs. marketing
- Consent is informed â this policy explains each cookie's purpose and duration
- Consent is unambiguous â requires an affirmative action (button click)
- Consent is withdrawable â you can change preferences at any time
- Consent record is stored in localStorage with version, timestamp, and category flags
- Consent is renewed when this policy version changes materially
Managing Your Cookie Preferences
You can update your consent preferences at any time by clicking the button below. Changes take effect immediately â analytics and marketing scripts are unloaded if consent is withdrawn.
You can also control cookies via your browser. Note that blocking all cookies may affect platform functionality (especially the chat session). Browser instructions:
- Chrome: Settings â Privacy and security â Cookies and other site data
- Firefox: Options â Privacy & Security â Cookies and Site Data
- Safari: Preferences â Privacy â Manage Website Data
- Edge: Settings â Privacy, search, and services â Cookies
Install the Google Analytics Opt-out Browser Add-on to prevent data collection by Google Analytics across all sites, regardless of consent settings.
Manage Google ad preferences at adssettings.google.com. Manage Meta ad preferences at facebook.com/settings?tab=ads.
Your Rights Regarding Cookie Data
Cookie data may constitute personal data under GDPR. You have the following rights regarding data collected through cookies:
- Right to access â request what cookie data we have about you
- Right to erasure â request deletion of cookie-derived personal data
- Right to object â object to processing based on legitimate interest
- Right to withdraw consent â at any time, without consequence
- Right to complain â to ANSPDCP (anspdcp.ro) or your national DPA
To exercise these rights: privacy@nocta.chat
Changes to This Policy
We may update this Cookie Policy when we add or remove cookies, change purposes, or when legal requirements change. When we make material changes we will update the effective date and, where required, seek renewed consent via the banner. The consent version stored in your browser is automatically compared against the current policy version â a new banner will appear if they differ.
- v2.0 â 1 March 2026 â Updated cookie list, added Stripe and analytics sections, consent versioning
- v1.0 â 1 January 2026 â Initial publication
Contact
Email: privacy@nocta.chat
Subject line: "Cookie Policy Query"
Response time: Within 30 calendar days
Operator: Rauta ER PFA, Bucharest, Romania, EU
ANSPDCP â Romania
www.anspdcp.ro
You may also contact the supervisory authority in your EU country of residence. List available at: edpb.europa.eu
Document: Cookie Policy v2.0 ¡ Effective: 1 March 2026 ¡ Next review: 1 September 2026 ¡ Legal basis: GDPR Art. 6(1)(a) + Romanian Law 506/2004 ¡ Controller: Rauta ER PFA, Romania, EU