Skip to content
Sairaph Mail

Cookie Policy

Effective date: 25 June 2026 Last updated: 25 June 2026

This Cookie Policy explains the cookies and similar client-side storage technologies (such as localStorage and sessionStorage) used by Sairaph Mail (the "Service"), operated by WELLDONE (Aleja Wyzwolenia 11/6, 70-552 Szczecin, Poland; NIP PL8531508847) at mail.sairaph.com. It supplements our Privacy Policy (see Section 8 of that document); terms defined there apply here.

Summary: Sairaph Mail is built to be privacy-first. We use only strictly necessary storage to run the Service and remember your privacy choices, plus cookieless baseline analytics that sets nothing on your device. We do not use third-party advertising or cross-site tracking cookies. The only storage that is not strictly necessary is an optional, consent-gated analytics-attribution token, which runs only if you opt in.

---

1. What we set, and why

1.1 Strictly necessary (no consent required)

These are required for the Service to function or to honour your choices; under the ePrivacy rules they are exempt from the consent requirement.

  • Authentication token — stored in your browser's localStorage. Purpose: keeps you signed in to the dashboard. Set by: Sairaph Mail (first party). Duration: until you sign out or it expires/is cleared. Without it, the dashboard cannot keep you logged in.
  • Consent-decision record — stores your cookie/privacy choices. Purpose: so we can remember and honour your preference and not ask repeatedly. Set by: Sairaph Mail (first party). Duration: persistent until you change your choice or clear it.
  • Cloudflare Turnstile — runs on the signup form and may set its own storage/cookies. Purpose: distinguishing humans from automated bots (security / abuse prevention). Set by: Cloudflare (our sub-processor; see SUB_PROCESSORS.md). Duration: short-lived / per challenge.

1.2 Analytics — cookieless baseline (no consent required) + optional enriched layer (consent required)

We use self-hosted Plausible Analytics, operated by us on EU infrastructure (not the managed Plausible cloud).

  • Baseline measurement — cookieless. In its baseline mode, Plausible sets no cookies and writes nothing to your device. It relies on our legitimate interest in measuring and improving the Service. Because it does not store or access information on your device, it does not require consent.
  • Enriched / attribution layer — consent-gated. If you turn analytics on, an enriched/attribution layer additionally stores a small amount of measurement data on your device (a `sessionStorage` attribution token). This layer is not strictly necessary and runs only after you consent via the cookie/privacy banner.

We do not use third-party advertising cookies, cross-site tracking, or device fingerprinting for advertising.

---

2. Managing your choices

2.1 You can give, change, or withdraw your consent for the optional enriched analytics layer at any time using the "Manage cookie preferences" control. Withdrawing consent stops the enriched layer going forward; it does not affect the lawfulness of processing before withdrawal.

2.2 You can also control storage through your browser settings (e.g. blocking or clearing cookies and site storage). Note that blocking strictly-necessary storage — such as the authentication token — will prevent the dashboard from working correctly.

2.3 The strictly-necessary items in Section 1.1 cannot be switched off through the preferences control, because the Service (or your saved preference) depends on them.

---

3. Sub-processors

3.1 The only third party that may set storage in connection with the Service is Cloudflare (Turnstile, strictly necessary security). Plausible analytics is self-hosted by us in the EU. Full details of our sub-processors, their roles, regions, and transfer mechanisms are in SUB_PROCESSORS.md.

---

4. Changes to this Policy

4.1 We may update this Cookie Policy to reflect changes to the technologies we use or to the law. For material changes, we will notify you by updating this page (and, where appropriate, through the cookie/privacy banner) with a new effective date.

---

Contact: WELLDONE, Aleja Wyzwolenia 11/6, 70-552 Szczecin, Poland (NIP PL8531508847) — privacy: privacy@sairaph.com.

If you have questions about these terms, contact us at privacy@sairaph.com.

*Sairaph Mail, operated by WELLDONE, Sairaph.com.*