Cookie Policy
ReflectHub OÜ — English
ReflectHub OÜ — Legal Documentation
Cookie Policy
ReflectHub OÜ
| Effective Date | 2026-06-18 |
|---|---|
| Last Updated | 2026-06-18 |
| Applies To | reflecthub.com (marketing website) and app.reflecthub.com (product) |
| Controller | ReflectHub OÜ |
This Cookie Policy explains how ReflectHub OÜ ("ReflectHub", "we", "us", or "our") uses cookies and similar technologies on our website and, where applicable, our platform. It should be read together with our Privacy Policy.
What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They help websites function, remember preferences, improve performance, and understand how visitors use the site.
We may also use similar technologies such as local storage, pixels, SDKs, and tags. For simplicity, this policy refers to all such technologies as "cookies" unless otherwise stated.
Why We Use Cookies
We currently use cookies and similar technologies only for purposes that are strictly necessary to operate our website and product, namely:
- Session management and authentication on the product (app.reflecthub.com).
- Security functions such as CSRF protection on forms.
- Bot and abuse protection on public forms via Cloudflare Turnstile.
We do not currently use analytics, advertising, or marketing cookies, and we do not allow third-party advertising networks to set cookies on our domains.
Cookie Categories
3.1 Strictly Necessary Cookies
These cookies and similar technologies are required for core functionality, security, and service delivery. They cannot be switched off because the website or product would not work properly without them.
Examples: session cookies that keep an Authorized User signed in to app.reflecthub.com, CSRF tokens that protect form submissions, and challenge/verification tokens set by Cloudflare Turnstile while it verifies that a form submission is not from a bot.
We do not currently set functional/preference cookies, analytics cookies, or marketing cookies. If that changes, we will update this Cookie Policy and, where required by law, request consent before any non-essential cookies are set.
Legal Basis for Cookies (EEA / GDPR Context)
For strictly necessary cookies and similar technologies, our legal basis is the necessity of processing for providing the service you have requested and our legitimate interest in operating a secure service (Article 6(1)(b) and Article 6(1)(f) GDPR; the storage exemption under Article 5(3) of the ePrivacy Directive for technically necessary storage).
Because we do not currently set non-essential cookies, consent is not required for the cookies described in this policy.
Cookie Consent and Preference Management
We do not currently display a cookie consent banner because the cookies and similar technologies we use are all strictly necessary and exempt from consent requirements under applicable law. You can still control cookies through your browser settings as described in Section 7.
If we introduce analytics, marketing, or other non-essential cookies in the future, we will deploy a consent management tool and obtain consent where required before such cookies are set.
Third-Party Cookies and Connections
The following third parties may set cookies, read identifiers, or receive technical metadata (such as IP address and browser information) when you use the website or product:
- Cloudflare, Inc. — provides bot and abuse protection (Turnstile) on public forms and edge / DNS services in front of our domains. Cloudflare may set short-lived challenge cookies on the cloudflare.com / challenges.cloudflare.com domains while verifying a form submission. See: https://www.cloudflare.com/privacypolicy/
- Google (Google Ireland Limited / Google LLC) — our website loads the Material Symbols icon stylesheet from Google Fonts (fonts.googleapis.com / fonts.gstatic.com). Google does not set cookies on our domains for this purpose, but the request exposes your IP address and User-Agent to Google as the CDN operator. See: https://policies.google.com/privacy
These providers are listed in our Sub-Processor List at https://reflecthub.com/legal/sub-processors. Their use of cookies and similar technologies is also governed by their own privacy and cookie policies.
How to Control Cookies in Your Browser
Most web browsers allow you to control cookies through browser settings (for example, block cookies, delete cookies, or notify you when cookies are set).
Please note that disabling strictly necessary cookies may affect website or platform functionality, including sign-in and form security features.
Cookie List
The cookies and similar technologies currently in use are summarised below. We update this list as the product evolves.
| Identifier | Provider | Category | Purpose | Type | Duration | Domain | Consent Required |
|---|---|---|---|---|---|---|---|
| Authentication session token | ReflectHub | Strictly Necessary | Keeps an Authorized User signed in to the product after they complete passwordless authentication. | First-party | Session and short-lived refresh | app.reflecthub.com | No |
| CSRF token | ReflectHub | Strictly Necessary | Protects form submissions and state-changing requests against cross-site request forgery. | First-party | Session | reflecthub.com, app.reflecthub.com | No |
| Turnstile challenge tokens (e.g., `cf_chl_*`) | Cloudflare, Inc. | Strictly Necessary | Verifies that submissions to public forms (contact, demo, legal, newsletter) are not automated. | Third-party | Short-lived (typically minutes) | challenges.cloudflare.com | No |
Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect legal, technical, or operational changes. We will post the updated version and update the "Last Updated" date.
Contact Us
If you have questions about this Cookie Policy or our use of cookies, contact us at:
Email: privacy@reflecthub.com
ReflectHub OÜ
Lõhmuse tee 2, 12113 Tallinn, Estonia
https://reflecthub.com