Cookie Policy
Effective: 2026-05-01 · Last updated: 2026-05-01
1. What cookies are
Cookies are small text files a website stores in your browser. They let the site remember things across pages — like that you're signed in, or which company you're viewing as.
CloudTMS uses cookies for two purposes: keeping you signed in while you're using the app, and (optionally) understanding how the marketing site is performing. We do not use cookies for advertising, retargeting, or selling data to third parties.
2. Cookies we set
| Cookie | Purpose | Type | Lifespan |
|---|---|---|---|
| next-auth.session-token | Keeps you signed in. Required for the app to function. | Essential | 30 days |
| next-auth.csrf-token | Cross-site request forgery protection during sign-in. | Essential | Session |
| next-auth.callback-url | Remembers where to send you after a successful sign-in. | Essential | Session |
| cloudtms_impersonate | Set only when a CloudTMS super-admin impersonates a tenant. | Essential | 8 hours |
| __cf_bm | Cloudflare bot-management cookie set by our CDN provider. | Essential | 30 minutes |
CloudTMS does not currently set any analytics or advertising cookies. If we add analytics in the future (e.g. PostHog or Plausible), we will update this table and present an opt-in banner on the marketing pages before the cookies are set.
3. Third-party cookies
Some integrated services may set their own cookies when you interact with them:
- Stripe — sets cookies during checkout to detect fraud and remember your card. See stripe.com/cookies-policy.
- Vercel — sets a session cookie on the deployment edge for routing.
4. How to opt out
Essential cookies cannot be disabled because the app cannot function without them — if you block them, you will not be able to sign in.
Non-essential cookies (analytics, when present) can be disabled in two ways:
- Decline the analytics opt-in banner on first visit. We respect that choice for the session and never re-prompt.
- Use your browser's built-in cookie controls. Every modern browser lets you block cookies on a per-site basis from Settings → Privacy.
5. Changes to this policy
We may update this policy from time to time. Material changes will be communicated via in-app notice and email at least 14 days before they take effect. The Last updated date at the top of this page reflects the current revision.
6. Contact
CloudTMS LLC — Privacy Team
Wisconsin, United States
privacy@cloudtms.io