Cookies Policy
Effective Date: Last updated
1. What Are Cookies
Cookies are small text files that are placed on your computer or mobile device when you visit our website. They allow us to remember your preferences and improve your browsing experience. Cookies can also help us understand how you use our website and provide you with relevant content.
2. Cookie Categories
We use four categories of cookies:
- Strictly Necessary: Essential for website functionality
- Preferences: Remember your choices and settings
- Analytics (Future): Help us understand website usage (Matomo)
- Marketing: Not currently used
3. Specific Cookies Used
3.1 Strictly Necessary Cookies
| Cookie Name | Purpose | Duration | Required |
|---|---|---|---|
| auth_session | Secure user login (unguessable random session value) | 14 days | YES |
| csrf_token | CSRF protection | Session | YES |
| cart_id | Remember project files in cart | 30 days | YES |
3.2 Preferences Cookies
| Cookie Name | Purpose | Duration | Required |
|---|---|---|---|
| preferred_language | Language selection (English/Spanish/etc.) | 1 year | NO |
| theme_preference | Light/Dark mode | 1 year | NO |
| units_preference | Metric vs Imperial units | 1 year | NO |
3.3 Analytics Cookies (Future Implementation)
| Cookie Name | Purpose | Duration | Required |
|---|---|---|---|
| _pk_id.1.abcd | Matomo – anonymised visitor ID | 13 months | NO |
| _pk_ses.1.abcd | Matomo – session tracking | 30 minutes | NO |
Note: Analytics cookies are not currently active. They will be implemented with self-hosted Matomo when ready.
4. Cookie Security & Backend Implementation
Our cookies are implemented with security best practices:
- auth_session: HttpOnly + Secure + SameSite=Lax flags
- csrf_token: Secure + SameSite=Lax flags
- cart_id: Secure + SameSite=Lax flags
- Preferences cookies: Secure + SameSite=Lax flags
The auth_session cookie holds a 256-bit value from a cryptographically secure random generator, so it cannot feasibly be guessed, and it expires after exactly 14 days of inactivity. Active users have their session renewed to +14 days on every page visit.
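The following sketch is an added example, not our production code: it issues an auth_session cookie with the attributes listed above, enforces the 14-day inactivity window on the server, and checks a Set-Cookie header against the per-cookie flags in this section. The function names, the Path=/ attribute, the use of Max-Age and the in-memory session store are assumptions made for illustration.

```python
import secrets

SESSION_TTL = 14 * 24 * 3600  # 14 days of inactivity, in seconds

# Flags this section states for each cookie (lower-cased for comparison).
POLICY = {
    "auth_session": {"httponly", "secure", "samesite=lax"},
    "csrf_token": {"secure", "samesite=lax"},
    "cart_id": {"secure", "samesite=lax"},
}
DEFAULT_FLAGS = {"secure", "samesite=lax"}  # preferences cookies

def new_session_id() -> str:
    """256 bits from the OS CSPRNG, hex-encoded (64 characters)."""
    return secrets.token_hex(32)

def session_cookie(session_id: str) -> str:
    """Set-Cookie value; re-sending it on each page visit renews the 14 days."""
    return (f"auth_session={session_id}; Max-Age={SESSION_TTL}; Path=/; "
            "HttpOnly; Secure; SameSite=Lax")

def renew(store: dict, session_id: str, now: float) -> bool:
    """Server-side sliding expiry: the cookie's Max-Age alone is not trusted."""
    last_seen = store.get(session_id)
    if last_seen is None or now - last_seen > SESSION_TTL:
        store.pop(session_id, None)  # unknown or idle too long: drop it
        return False
    store[session_id] = now  # active user: window restarts from now
    return True

def missing_attributes(set_cookie: str) -> set:
    """Return the required flags that one Set-Cookie header value lacks."""
    name_value, *attrs = [part.strip() for part in set_cookie.split(";")]
    name = name_value.split("=", 1)[0]
    present = {a.lower().replace(" ", "") for a in attrs}
    return POLICY.get(name, DEFAULT_FLAGS) - present

# Constructed sample headers: the second lacks HttpOnly and Secure.
SAMPLES = [
    "auth_session=" + "ab" * 32 + "; Max-Age=1209600; Path=/; HttpOnly; Secure; SameSite=Lax",
    "auth_session=" + "ab" * 32 + "; Path=/; SameSite=Lax",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(sorted(missing_attributes(header)) or "ok")
```

Running the audit function over response headers captured in a deployment test catches a cookie that has lost one of its flags before release.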
5. Legal Compliance
Our cookie implementation is fully compliant with:
- GDPR (EU): Granular consent, no pre-ticked boxes, easy withdrawal
- Singapore PDPA: Consent-based processing, minimal data collection
- CCPA/CPRA 2025 (California): Opt-out rights, no sale of personal data
We do not sell or share personal data with third parties. All cookies serve functional purposes only.
6. Cookie Management
You can control cookies through your browser settings or our consent banner:
Browser Settings
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions
Our Consent System
Our cookie consent banner appears on first visit and allows you to choose:
- "Accept All" - enables all cookies
- "Essential Only" - strictly necessary cookies only
- "Preferences" - granular control over each category
Consent is stored in localStorage with version control for future policy updates.
7. Updates to This Policy
We may update this Cookies Policy from time to time. We will notify you of any significant changes by posting the updated policy on this page.
8. Contact Us
If you have questions about our use of cookies, please contact us at:
- Email: privacy@kikaiworks.com
- Subject: Cookies Policy Inquiry