Cookie Policy
This Cookie Policy explains how Porosi Ltd uses cookies, localStorage, sessionStorage, device identifiers, push tokens, and similar storage technologies across our website, dashboard, buyer portal, mobile apps, APIs, and related services.
Last Updated: 29 April 2026.
Porosi is operated by Porosi Ltd, company number 17185812. This policy should be read with our Privacy Policy and applies to Porosi websites, supplier dashboards, buyer portals, mobile apps, support tools, integrations, and related services.
Cookies and similar technologies help us keep users signed in, route users to the correct tenant or buyer account, protect the platform, remember operational context, support product workflows, measure service performance where enabled, and manage optional preferences.
02. Cookies, localStorage, sessionStorage, and similar technologies
Cookies are small text files placed on a browser or device. localStorage and sessionStorage are browser storage technologies that allow a web app to store information in your browser. We may also use mobile app storage, push notification tokens, device identifiers, integration redirect state, and similar technologies where needed to provide the Services.
These technologies may store or access authentication tokens, tenant context, buyer account context, invite or registration state, support session state, autosave data, security signals, consent choices, diagnostic data, and preferences. Blocking all storage may prevent Porosi from signing you in, keeping your basket or order draft, loading the correct supplier portal, or completing an integration flow.
03. Strictly necessary cookies and storage
Strictly necessary cookies and storage cannot be switched off through our cookie controls because they are required to provide the Services you request, secure accounts, remember your signed-in state, protect tenant isolation, process orders, and prevent misuse. You can block them through browser settings, but parts of Porosi may stop working.
| Purpose | Examples of data or keys | Why it is needed |
|---|---|---|
| Authentication and session security | porosi_token, porosi_access_token, session identifiers, token versions, signed-in user context, password reset or invite flow state. | To keep authorised users signed in, verify requests, prevent unauthorised access, and support account recovery or invitation flows. |
| Tenant and buyer account routing | porosi_auth_context, porosi_customer_token, porosi_customer_context, selected tenant, selected buyer account, role and permission context. | To route users to the correct supplier workspace, buyer portal, pricing, catalogue, order history, and account permissions. |
| Order, registration, and support workflows | Order draft state, invite or registration token state, support login state, form progress, product draft or tenant product autosave data. | To let users place orders, complete setup, recover interrupted workflows, and avoid losing operational work in progress. |
| Security, fraud prevention, diagnostics, and availability | IP address, user agent, security events, rate-limit data, error identifiers, request IDs, load-balancing or availability data. | To detect abuse, protect accounts, investigate incidents, troubleshoot faults, maintain reliability, and satisfy security obligations. |
| Consent and legal records | Cookie preference choices, policy acknowledgement state, consent timestamp, browser or device context. | To remember your choices and demonstrate compliance with cookie, privacy, and communications requirements. |
04. Optional analytics, performance, and marketing cookies
Optional analytics or marketing cookies are not set unless you have given consent or another lawful exception applies. Where enabled, optional analytics and performance tools may help us understand aggregate usage, page performance, errors, feature adoption, and customer support needs. Optional marketing cookies may help measure campaigns or avoid showing irrelevant messages.
We do not treat analytics, advertising, behavioural tracking, retargeting, or cross-site marketing cookies as strictly necessary. If we introduce a new optional cookie or similar technology for a new purpose, we will update our controls or notices where required.
05. Third-party and integration cookies
Porosi integrates with third-party services. Xero, QuickBooks, Stripe, Apple, Google, Microsoft, or other integration providers may set cookies or use similar technologies on their own websites, login screens, app stores, payment pages, OAuth approval pages, maps, browser controls, support tools, or embedded services. Their use is governed by their own terms, cookie policies, and privacy notices.
Porosi may store integration redirect state, account mappings, sync identifiers, webhook event records, payment processor references, push notification tokens, and related data so that connected services work. This storage is separate from cookies that those providers may set on their own domains.
06. Your controls
- You can use Porosi cookie controls, where shown, to accept or reject optional cookies.
- You can change browser settings to delete or block cookies, localStorage, and sessionStorage. Browser controls vary by provider.
- Signing out may remove or invalidate some authentication and account-context storage, but it may not clear every browser-level preference or legal record.
- Mobile operating systems and app stores provide controls for push notifications, tracking permissions, app storage, and device-level advertising or analytics settings.
- Integration providers may require separate controls on their own websites or apps.
07. How long storage lasts
| Type | Typical duration |
|---|---|
| Session cookies and sessionStorage | Usually until you close the browser tab, close the browser, sign out, or the session expires. |
| Persistent cookies and localStorage | Usually until expiry, sign-out, deletion by the app, replacement by a newer value, or manual deletion through browser controls. |
| Security, audit, and diagnostic records | Retained for periods appropriate to protect the Services, investigate incidents, debug faults, and meet legal or contractual obligations. |
| Integration, push, and device records | Retained while the integration, app install, notification setting, or account relationship is active, and for a reasonable period afterwards for audit, troubleshooting, or deletion workflows. |
| Consent records | Retained for a period that allows us to remember and demonstrate your cookie or communications choices. |
08. Contact
Questions about this Cookie Policy or our use of storage technologies can be sent to [email protected] or [email protected]. General enquiries can be sent to [email protected].
Porosi Ltd is registered in England and Wales with company number 17185812. Registered office: 27 Tenterden Drive, Canterbury, England, CT2 7BH.