Cloop Cookie & Storage Policy
Effective date: 2026-03-01 Last updated: 2026-02-15
This policy explains what browser storage (cookies, localStorage) Cloop uses across the marketing site, dashboard, and embeddable chat widget.
1. Marketing Site (www.cloop.io)
The static pages of the Cloop marketing site at www.cloop.io use no cookies and no tracking. There are no analytics scripts, no advertising pixels, and no third-party trackers.
However, the site embeds the Cloop chat widget. If you interact with the widget, it stores a visitor identifier in your browser's localStorage as described in Section 3 below, and the backend records your conversation data (messages, session metadata, conversation phase) as described in our Privacy Policy.
2. Dashboard (console.cloop.io)
The Cloop admin dashboard uses the following browser storage:
| Storage | Purpose | Duration |
|---|---|---|
| localStorage | Authentication tokens (access + refresh) | Until logout or token expiry |
| localStorage | Currently selected site preference | Until logout or changed |
No third-party cookies are set by the dashboard. No analytics or tracking scripts are loaded.
Legal basis: Contract performance (Art. 6(1)(b) GDPR) — these tokens are necessary to authenticate you and provide the service you signed up for.
3. Chat Widget (Embedded on Customer Websites)
When a customer embeds the Cloop widget on their website, the widget uses the following browser storage on the visitor's device:
| Storage | Purpose | Duration |
|---|---|---|
| localStorage | Random UUID identifying the visitor for repeat visit correlation | Persistent until cleared by visitor |
What This Means
- The widget stores one localStorage item per site the visitor interacts with
- The value is a random UUID (e.g.,
a1b2c3d4-e5f6-...) — it contains no personal information - It is used to recognize returning visitors so conversation history can continue across page loads
- It is not a cookie — it is not sent with HTTP requests and cannot be read by other domains
- It is not shared across different websites that use Cloop
Cookie Consent Considerations
Whether this localStorage usage requires cookie consent depends on your jurisdiction and interpretation of the ePrivacy Directive:
- Strictly necessary exception may apply, as the identifier enables the chat service the visitor initiates. Several EU DPAs have indicated that storage strictly necessary for a service explicitly requested by the user is exempt from consent.
- Conservative approach: If your compliance policy requires consent for all browser storage, you can add
data-consent-required="true"to the widget script tag (coming soon). This will delay widget initialization until consent is signaled.
We recommend that customers mention the Cloop chat widget in their cookie/privacy policy regardless. See our End-User Privacy Notice template for suggested text.
4. What We Do NOT Use
- No advertising cookies or pixels
- No cross-site tracking
- No fingerprinting techniques
- No analytics cookies (Google Analytics, etc.)
- No social media cookies or pixels
- No session cookies (we use JWT tokens in localStorage instead)
5. How to Clear Cloop Storage
Dashboard tokens
Log out of the Cloop dashboard, or clear localStorage for console.cloop.io in your browser settings.
Widget visitor ID
Clear localStorage for the website where the widget is embedded. The visitor ID will be regenerated on next visit (a new anonymous session will start).
6. Changes
We may update this policy as we add features. If we add any tracking or analytics, we will update this document and notify customers who embed the Widget.
Contact
Questions: privacy@cloop.io