Cookie & Storage Policy
What Porosi stores on your browser or device, what is essential, when analytics operates and how you stay in control.
Last updated: 15 July 2026.
Some storage keeps Porosi secure and usable. Optional analytics is kept separate. Rejecting optional analytics does not remove core account, catalogue or Order functionality.
The short version
- Essential storage supports sign-in, security, tenant routing, Buyer context, Order drafts and other features you request.
- Microsoft Clarity is loaded in consent mode. Analytics storage is denied unless permission has been recorded, and advertising storage remains denied.
- Without analytics consent, Clarity may receive limited cookieless page-view data but does not set its analytics cookies or join visits into a persistent analytics session.
- With analytics consent, Clarity can use analytics cookies and session replay to help us understand navigation, errors and performance.
- You can stay in control through any Porosi preference control shown to you and through your browser or device settings.
Porosi is operated by Porosi Ltd, company number 17185812. This policy covers Porosi websites, Supplier dashboards, Buyer portals, mobile apps, support tools, integrations and related services. Read it with our Privacy Policy, which explains how we use personal data.
02. What we mean by storage technology
A cookie is a small text record a website asks a browser to store. localStorage and sessionStorage are browser storage technologies: localStorage can remain after the browser closes, while sessionStorage is normally limited to a tab or browser session. The same legal rules may also apply to scripts, pixels, tags, device identifiers and other technologies that store information on, or read it from, a device.
Porosi may also use secure mobile-app storage, push-notification tokens, integration redirect state and device or installation identifiers. Depending on the feature, storage may hold authentication state, Supplier or Buyer context, invitations, registration progress, Order drafts, autosave data, security signals, consent choices, diagnostics and preferences.
Blocking all browser or app storage can prevent sign-in, load the wrong account context, lose an Order draft or stop an integration from completing. Rejecting optional analytics alone does not have those effects.
03. Strictly necessary cookies and storage
Strictly necessary cookies and storage cannot be switched off through our cookie controls because they are essential to provide a feature you request or to transmit and secure the service. They support sign-in, account separation, Supplier and Buyer routing, Orders and abuse prevention. You can block them in your browser or device, but the affected feature may stop working.
| Purpose | Examples of data or keys | Why it is needed |
|---|---|---|
| Authentication and session security | porosi_token, porosi_access_token, session identifiers, token versions, signed-in context and password-reset or invitation state. | Verify requests, maintain an authorised session, prevent unauthorised access and complete recovery or invitation flows. |
| Tenant and buyer account routing | porosi_auth_context, porosi_customer_token, porosi_customer_context, selected Supplier or Buyer account, role and permission context. | Open the correct Supplier workspace, Buyer portal, catalogue, pricing, Order history and permissions. |
| Order, registration, and support workflows | Order drafts, invitation or registration state, support-session state, form progress, product drafts and autosave data. | Complete a requested workflow, recover interrupted progress and avoid losing operational work. |
| Security, fraud prevention, diagnostics, and availability | IP address, user agent, security events, rate-limit data, error or request identifiers and availability data. | Detect abuse, protect accounts, investigate incidents, diagnose faults and keep the service reliable. |
| Consent and legal records | Cookie or analytics choice, policy acknowledgement, choice timestamp and limited browser or device context. | Respect and record your latest choice and avoid asking on every page. |
04. Analytics and Microsoft Clarity
Porosi uses Microsoft Clarity to understand how pages are navigated, where users encounter errors, how pages perform and which workflows need support. The Clarity tag loads in consent mode. Porosi sends an analytics-storage signal of denied unless a supported Porosi consent value records analytics permission. We keep Clarity advertising storage denied and do not enable it for Microsoft Ads.
When analytics storage is denied, Microsoft states that Clarity does not set its analytics cookies and uses a limited cookieless mode. A temporary per-tab Porosi replay identifier may be created in sessionStorage while the analytics bootstrap runs; it expires with the browser session and is not an advertising identifier. When analytics permission is recorded, Clarity may set cookies such as _clck and _clsk to recognise a browser and connect page views into a session.
Where session replay is available, Porosi uses it for product support, error investigation and usability improvement. Payment fields are masked. Supplier and Buyer application surfaces are configured to mask page content and forms; marketing pages are not generally masked, except that pricing payment fields remain masked. Clarity recordings are retained under Microsoft's service settings and published retention rules.
We do not classify analytics, advertising, behavioural tracking, retargeting or cross-site marketing as strictly necessary. If we add an optional technology or use an existing one for a new purpose, we will update this policy and any consent control required by law before enabling that use.
Microsoft information
Microsoft documents Clarity's cookies and consent behaviour at Clarity Cookies and Consent Management. Microsoft may update its cookie names or durations independently of Porosi.
05. Third-party and integration cookies
Xero, QuickBooks, Stripe, Apple, Google, Microsoft, or other integration providers may use their own cookies or storage on login screens, app stores, payment pages, OAuth approval pages, maps, support tools or embedded services. Their own terms, privacy notices and cookie controls apply on those surfaces.
Porosi may separately store short-lived redirect state, account mappings, sync identifiers, webhook records, masked payment references and push tokens so that the connection works safely. That Porosi-held state is different from storage a provider controls on its own domain or app.
06. Your controls
- If a Porosi cookie or analytics choice is shown, use it to accept or reject optional analytics.
- Use browser settings to inspect, delete or block cookies, localStorage and sessionStorage. The steps vary by browser.
- Signing out invalidates or removes some authentication and account context, but may leave a preference or legally required consent record.
- Use iOS, Android and app-store settings to manage push notifications, app storage and device-level privacy permissions.
- Manage a connected provider's storage through that provider's website, app or consent control.
- Email [email protected] if you cannot find the relevant control or want to object to analytics processing.
07. How long storage lasts
| Type | Typical duration |
|---|---|
| Session cookies and sessionStorage | Normally until you close the tab or browser, sign out, or the security session expires. Some session-security records also remain server-side for audit and abuse prevention. |
| Persistent cookies and localStorage | Until their stated expiry, sign-out, replacement or deletion by Porosi, or manual deletion in your browser. The purpose determines the period. |
| Security, audit, and diagnostic records | For a risk-based period needed to protect Porosi, investigate incidents, diagnose faults and meet legal or contractual duties. |
| Integration, push, and device records | While the integration, app installation, notification setting or Account is active, then for a reasonable audit, troubleshooting or deletion period. |
| Consent records | Long enough to respect the latest choice, avoid repeatedly asking and demonstrate the choice where required. |
08. Contact
For a question, objection or request about cookies, analytics or device storage, email [email protected]. Send legal notices to [email protected] and general enquiries to [email protected].
Porosi Ltd is registered in England and Wales under company number 17185812. Registered office: 27 Tenterden Drive, Canterbury, England, CT2 7BH.
