Legal

Cookie Policy

A comprehensive breakdown of how PulUp uses cookies and similar tracking technologies. Complete transparency about what data we collect and why.

Last updated: 23 February 2026

Quick Summary

Currently, PulUp uses minimal cookies focused on essential functionality. Here's what's active:

Essential
1 cookie
Session management
Analytics
0 cookies
Not yet implemented
Marketing
0 cookies
Not used

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences, keep you logged in, and understand how you use the platform.

PulUp uses cookies responsibly and only when necessary to provide core functionality or improve your experience. We believe in data minimalism - collecting only what's essential.

2. Cookies We Currently Use

As of now, PulUp uses only one essential cookie to maintain your authenticated session. No tracking, no analytics, no marketing pixels.

Essential Cookies

Required for core platform functionality. These cannot be disabled.

nhost-session
First-partyRequired

Stores your authentication session to keep you logged in as you navigate PulUp. This cookie is essential for accessing your account and creating events.

Duration:Session-based (deleted when you log out or close browser)

3. Future Cookie Categories

As PulUp grows, we may introduce additional cookies to improve the platform. These will require your explicit consent before being activated. Here's what we're considering:

Analytics Cookies

Planned

Help us understand how users interact with PulUp - which features are most popular, where users encounter friction, and how we can improve the experience.

Potential Tools:Google Analytics, Plausible, or similar privacy-focused analytics
Data Collected:Page views, feature usage, session duration (anonymized)
Consent Required:Yes - we'll ask before enabling

Preference Cookies

Under Consideration

Remember your UI preferences, such as theme selection (dark/light mode), language preferences, or accessibility settings.

Purpose:Enhanced user experience, personalized settings
Consent Required:No (considered functional, but optional)

Our Commitment: We will never use marketing/targeting cookies, third-party advertising trackers, or sell your data to third parties. Any future cookies will be disclosed here with full transparency.

4. Managing Your Cookie Preferences

You have full control over cookies. Here's how to manage them:

1
Browser Settings

Most browsers allow you to control cookies through their settings. You can:

  • Block all cookies (note: this will prevent you from logging into PulUp)
  • Delete existing cookies from your device
  • Enable "Do Not Track" signals (we respect these settings)

2
PulUp Account Settings (Future)

When we introduce analytics or optional cookies, we'll add a preference center in your account settings where you can enable/disable non-essential cookies with a single click.

3
Cookie Consent Banner (Future)

Before activating any analytics or non-essential cookies, we'll implement a consent banner that lets you opt in or out. You'll have full control from your first visit.

5. Technical Implementation

For transparency, here's how our authentication cookie works:

Cookie Name:nhost-session
Set By:Nhost authentication service (EU-based infrastructure)
Storage Type:HTTP Cookie (accessible to client & server)
SameSite Policy:Lax (CSRF protection)
Secure Flag:True in production (HTTPS only)
HttpOnly:False (required for API authentication)
Expiration:Session-based or 30 days (if 'Remember Me' enabled)

Note on HttpOnly: While most session cookies use the httpOnly flag for security, our authentication system requires client-side access to attach tokens to API requests. This is a standard practice for modern SPAs (Single Page Applications) and doesn't compromise security when combined with HTTPS and SameSite policies.

6. Legal Basis (GDPR & ePrivacy)

Under the General Data Protection Regulation (GDPR) and ePrivacy Directive, here's our legal basis for cookie usage:

Essential Cookies (nhost-session)

Legitimate Interest + Performance of Contract

Required to authenticate users and provide the core service. GDPR Article 6(1)(b) and ePrivacy Directive Recital 66 allow essential cookies without explicit consent.

Future Analytics Cookies

Consent (GDPR Article 6(1)(a))

Will require explicit opt-in consent via cookie banner before activation. Users can withdraw consent at any time.

Data Controller
DraVan Technologies SARL-S, Luxembourg
Data Processor
Nhost (EU-based, GDPR-compliant infrastructure)

7. Updates to This Policy

We'll update this Cookie Policy whenever we introduce new cookies or change how we use them. Major changes will be communicated through:

  • Email notification to registered users
  • In-app banner or notification
  • Updated "Last modified" date at the top of this page

Questions or concerns? Contact us anytime:

Email:privacy@pulup.com
Privacy Policy:View full Privacy Policy
← Back to Home
Privacy PolicyTerms of Service