Cookies

Our cookie policy

Effective Date: 1 Dec 2025
Last Updated: 1 Dec 2025

About this cookie policy

This Cookies Policy explains how we use cookies and similar technologies on the Appear Hub (“Hub”).

By granting explicit consent during the login process, you agree to the use of analytics cookies as described below. You may withdraw your consent at any time through your browser settings or on your profile.

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They enable the website to recognize your device and store information about your preferences or actions.

2. Types of Cookies We Use

a. Essential Cookies

These cookies are required for the proper operation of the Appear Hub. They enable basic functions such as authentication and secure login.

• auth0
  • Provider: Auth0
  • Purpose: Implements single sign-on session
  • Expiry: Session-persistent or non-persistent; controlled via settings
• auth0_compat
  • Provider: Auth0
  • Purpose: Fallback SSO support for browsers without SameSite=None
  • Expiry: Same as auth0
• auth0-mf
  • Provider: Auth0
  • Purpose: Indicates device trust level for multi-factor authentication
  • Expiry: Valid until MFA context renewal
• auth0-mf_compat
  • Provider: Auth0
  • Purpose: Fallback MFA support for older browsers
  • Expiry: Same as auth0-mf
• a0_users:sess
  • Provider: Auth0
  • Purpose: CSRF protection in Classic Universal Login workflows
  • Expiry: Session-persistent or non-persistent
• a0_users:sess.sig
  • Provider: Auth0
  • Purpose: Signature for a0_users:sess CSRF protection
  • Expiry: Same as a0_users:sess
• did
  • Provider: Auth0
  • Purpose: Device identifier for anomaly detection
  • Expiry: Session-persistent
• did_compat
  • Provider: Auth0
  • Purpose: Fallback for did on browsers lacking SameSite=None
  • Expiry: Same as did
• auth0.{CLIENT_ID}.is.authenticated
  • Provider: Auth0
  • Purpose: Indicates valid checkSession SSO session
  • Expiry: Session-based
• auth0.{CLIENT_ID}.organization_hint
  • Provider: Auth0
  • Purpose: Stores organization ID for silent authentication fallback
  • Expiry: Session life of client session
• browser-tabs-lock-key-auth0.lock.getTokenSilently
  • Provider: Auth0
  • Purpose: Locks token refresh across browser tabs during getTokenSilently
  • Expiry: Temporary while token operation in progress

Note: These cookies are strictly necessary and do not require user consent.

b. Analytics Cookies

We use analytics cookies to help us understand how users interact with the Appear Hub, including which pages are visited and for how long. These cookies enable us to improve Appear Hub functionality and user experience.

We use Amplitude as our third-party analytics provider. Amplitude collects product analytics data, including device identifiers, browser type, session timestamps, and user ID (if provided during login).

• AMP_
  • Provider: Amplitude
  • Purpose: Stores session metadata: deviceId, userId, sessionId, lastEventTime, lastEventId
  • Expiry: Session-based; expires when session ends
• AMP_MKTG_
  • Provider: Amplitude
  • Purpose: Captures marketing attribution: UTM parameters, click IDs, referrer info
  • Expiry: Session-based; may persist across visits
• AMP_TEST_
  • Provider: Amplitude
  • Purpose: Tests if cookies are enabled; deleted after test
  • Expiry: Temporary – deleted after test
• AMP_TLDTEST_
  • Provider: Amplitude
  • Purpose: Detects correct top-level domain for cookie storage
  • Expiry: Temporary – deleted after test

Third-Party Policy:
For more information, please review Amplitude’s privacy policy: https://amplitude.com/privacy

3. Data Collected

The data collected via cookies may include:

• Device identifiers
• Session timestamps
• User ID (if provided during login)
• Browser type and version
• Navigation patterns and interaction events
• Referrer URLs and UTM parameters

This data is used only for analytical and operational purposes as described above and is not shared with other third parties.

4. Data Retention

Cookie data is retained for the period necessary to fulfill the purposes outlined in this policy.

• Analytics data (Amplitude): retained for up to 12 months.
• Authentication data (Auth0): retained for the duration of the user session or as required for security and compliance.

After the applicable retention period, data is deleted or anonymized.

5. Legal Basis for Processing

The legal basis for processing non-essential cookie data (e.g., analytics) is explicit consent under the General Data Protection Regulation (GDPR) and the ePrivacy Directive.

Essential cookies, such as those used by Auth0 for authentication, are processed based on the necessity to provide the requested service (Article 6(1)(b) GDPR).

6. Managing Cookies and Consent

You can manage or withdraw your consent to non-essential cookies at any time through:

• The cookie acceptance form displayed during login, or
• Your browser settings (which may affect certain functionalities of the Hub).

7. Your Rights

Under applicable data protection laws, you have the right to:

• Access personal data we hold about you
• Correct inaccurate or incomplete data
• Request deletion of your personal data
• Withdraw consent to analytics cookies

To exercise these rights, please contact legal@appear.net