Cookie Policy

Effective: 21.04.2026
Last Updated: 21.04.2026

1. Introduction

This Cookie Policy explains how Recodive oHG ("we," "us," or "our") uses cookies and similar technologies on the Dehoist website and dashboard at https://dehoist.com. It complies with the EU ePrivacy Directive, the GDPR, and the German Telecommunications-Digital Services Data Protection Act (TDDDG).

Dehoist uses only strictly necessary cookies. We do not use analytics cookies, advertising cookies, or tracking pixels on dehoist.com.

2. What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help websites:

• Remember your preferences.
• Keep you signed in.
• Protect your session from attacks.

3. Legal Basis for Cookie Use

Because Dehoist relies solely on strictly necessary cookies, the legal basis is:

• Legitimate Interest (Art. 6(1)(f) GDPR) and §25(2) TDDDG — technically necessary cookies for operating the Service. No consent banner is required for these cookies.

4. Cookies We Use on dehoist.com

4.1 Session Cookie (nuxt-session)

• Purpose: Keeps you signed in to the Dehoist dashboard after authenticating via Orca.
• Issued by: nuxt-auth-utils on dehoist.com (first-party).
• Properties: HttpOnly, Secure, SameSite=Lax.
• Lifetime: 7 days.

4.2 Theme / Colour-Mode Preference

• Purpose: Remembers your light/dark-mode preference so it persists between visits.
• Issued by: dehoist.com (first-party).
• Lifetime: up to 1 year, or until you change the preference.

4.3 CSRF / Anti-Forgery Token

• Purpose: Protects state-changing requests on the dashboard from cross-site request forgery.
• Issued by: dehoist.com (first-party).
• Lifetime: session.

5. Cookies Set by Orca on account.recodive.com

When you sign in to Dehoist you are briefly redirected to Orca at https://account.recodive.com. Orca sets its own cookies in that domain (for example, a session cookie and CSRF token). Those cookies are scoped to account.recodive.com and are not readable by dehoist.com.

For details of the cookies Orca sets, please refer to the Recodive Cookie Policy.

6. Third-Party Cookies

6.1 Cloudflare

Cloudflare, which serves dehoist.com over its global network, may set cookies strictly necessary for:

• Bot and abuse protection.
• Load balancing.

See the Cloudflare Cookie Policy.

6.2 No analytics or advertising cookies

Dehoist does not use Google Analytics, Plausible, PostHog, Rybbit, Google AdSense, or any other analytics or advertising provider on dehoist.com. Error reports sent to Sentry have cookies and headers stripped before transmission and therefore are not cookie-based tracking.

7. Cookie Management

7.1 No consent banner

Because Dehoist relies solely on strictly necessary cookies, we do not display a cookie consent banner on dehoist.com. No action is required from you to use the Service.

7.2 Browser Settings

You can control cookies through your browser settings:

• Chrome: Settings → Privacy and security → Cookies and other site data.
• Firefox: Settings → Privacy & Security → Cookies and Site Data.
• Safari: Preferences → Privacy → Cookies and website data.
• Edge: Settings → Privacy, search, and services → Cookies and site permissions.

Warning: Blocking strictly necessary cookies will prevent you from signing in to Dehoist and from using most dashboard features.

8. Do Not Track (DNT)

Dehoist does not operate tracking cookies and therefore Do Not Track signals are not applicable. All cookies listed above are strictly necessary for operation.

9. Local Storage and Similar Technologies

In addition to cookies, Dehoist may use:

• Local storage — for non-sensitive UI preferences (for example, the last-selected guild in the dashboard). Persistent until cleared by the user.
• Session storage — for transient UI state, cleared automatically when the browser tab is closed.

10. Data Processing and Protection

10.1 Data Collected via Cookies

The cookies listed above may collect:

• Your Dehoist session identifier (not your password).
• Your theme preference.
• A CSRF token bound to your session.

10.2 Data Security

We protect cookie data through:

• Encryption in transit (HTTPS).
• HttpOnly, Secure, and SameSite cookie flags where applicable.
• Regular security reviews.

10.3 Retention

• Session cookies: 7 days.
• Theme preference: up to 1 year.
• CSRF token: session.

11. Children's Privacy

Dehoist is not intended for users under 16. We do not knowingly place cookies on devices operated by children under 16 years of age.

12. International Users

We apply the same cookie practices globally.

13. Updates to This Policy

We may update this Cookie Policy to reflect:

• Changes in our cookie usage.
• New legal requirements.
• New features or services.

Updates will be posted on this page with a new "Last Updated" date.

14. Contact Information

For questions about our use of cookies:

Recodive oHG
Möllendorffstraße 108
10367 Berlin, Germany
Phone: +49 156 79 75 39 03
Email: [email protected]

15. Supervisory Authority

You have the right to lodge a complaint regarding our cookie practices:

Berlin Commissioner for Data Protection and Freedom of Information
Friedrichstr. 219
10969 Berlin, Germany
Phone: +49 30 13889-0
Email: [email protected]

16. Cookie Glossary

• First-party cookies: Set by dehoist.com directly.
• Third-party cookies: Set by external services integrated into dehoist.com (e.g., Cloudflare).
• Session cookies: Deleted when the session expires.
• Persistent cookies: Remain until expiration or manual deletion.
• Secure cookies: Only transmitted over HTTPS.
• HttpOnly cookies: Not accessible via JavaScript (security feature).
• SameSite cookies: Protection against cross-site request forgery.

---

This Cookie Policy forms part of our Privacy Policy and Terms of Service.

By using Dehoist, you acknowledge that you have read and understood this policy.