Cookie Policy

This Cookie Policy explains how Xblanc Sp. z o.o. ("GliminTor") uses cookies and similar technologies when you visit glimintor.com and use the GliminTor OS platform. It should be read alongside our Privacy Policy.

The storage of or access to information on a user's device is governed by the EU ePrivacy Directive (2002/58/EC as amended by 2009/136/EC) as implemented in national law, and by the GDPR where personal data is involved. Under this framework, consent is required before any non-essential cookie or similar technology is placed, except for cookies strictly necessary for a service explicitly requested by the user. Consent must be freely given, specific, informed, and unambiguous — it cannot be inferred from pre-ticked boxes or continued use of a website (Court of Justice of the EU, Planet49, Case C-673/17).

Category Purpose Legal basis Consent required Strictly Necessary Session authentication, security tokens, CSRF protection, load balancing. The Service cannot function without these. ePrivacy exemption — strictly necessary for the service. No consent required. No Functional Remember user preferences: theme, language, last active workspace, UI layout. Consent — GDPR Art. 6(1)(a) + ePrivacy Yes Analytics Aggregate usage data to understand how the platform is used and improve it. No individual advertising profiling. Consent — GDPR Art. 6(1)(a) + ePrivacy Yes Security (extended) Session-level access control — strictly necessary. Extended device-level fraud detection, if used — requires consent. Session: ePrivacy exemption. Extended: Consent. No for session; Yes for extended

The following cookies are deployed in the production platform: Service Cookie / technology Category Purpose GliminTor OS Session cookie (internal) Strictly necessary Authenticated user session management GliminTor OS CSRF token (internal) Strictly necessary Cross-site request forgery protection Clerk, Inc. session, client_uat Strictly necessary Authentication session tokens Stripe, Inc. __stripe_mid, __stripe_sid Strictly necessary during checkout Payment fraud detection and session Cloudflare __cf_bm, cf_clearance Strictly necessary / Security Bot detection and DDoS mitigation We do not use advertising cookies, retargeting pixels, or third-party analytics that create individual advertising profiles. Cookie data is not shared with advertising networks. If analytics tools are added in future they will be listed here and will require fresh consent.

On your first visit to glimintor.com a consent banner is displayed. You may accept all optional cookies, reject optional cookies, or manage preferences by category. Non-essential cookies are not activated before you provide consent. Your preference is stored and applied across sessions. Change your preferences at any time by clicking "Cookie Preferences" in the footer of glimintor.com. Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. You may also manage cookies through your browser settings. Disabling strictly necessary cookies will prevent the platform from functioning correctly.

Category Retention Session and strictly necessary cookies Deleted when the browser session ends or on logout Authentication tokens (Clerk) 30 days or until logout Cloudflare security cookies Session to 12 months depending on specific cookie Functional and analytics cookies 12 months from consent, then re-consent required

Material updates will be communicated via the consent banner on your next visit and will require fresh consent where required by law.

Cookie and privacy enquiries: [email protected]