1. What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They allow us to recognise your browser and remember information about your visit — such as your login session or language preference.
Cookies may be placed by us directly (first-party cookies) or by third-party services we embed (third-party cookies). Some expire when you close your browser (session cookies); others remain for a defined period (persistent cookies).
Under §25 TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz) and the EU General Data Protection Regulation (GDPR), we must obtain your prior consent before placing any cookies on your device — except those strictly necessary for the service to function.
2. Data Controller
NoCFO Oy · Business ID: 3149769-7 · c/o A Grid, PO Box 13300, FI-00076 AALTO, Finland · Email: info@nocfo.io
3. Types of Cookies We Use
3.1 Essential Cookies — No Consent Required
Strictly necessary for the website and our platform to function. They enable user authentication, session management, and security. Legal basis: §25(2) No. 2 TDDDG and Art. 6(1)(b) GDPR. You cannot opt out while using the service.
session_id — NoCFO — Maintains your logged-in session — Expiry: Session
csrf_token — NoCFO — CSRF attack protection — Expiry: Session
cookie_consent — NoCFO — Stores your cookie preferences — Expiry: 12 months
locale — NoCFO — Remembers language preference — Expiry: 12 months
3.2 Analytics Cookies — Consent Required
Help us understand how visitors use our website and product. Legal basis: §25(1) TDDDG and Art. 6(1)(a) GDPR. Only placed after you actively accept them. US data transfers are based on EU Standard Contractual Clauses (Art. 46 GDPR).
_ga — Google Analytics — Distinguishes unique users — Expiry: 2 years
_ga_XXXXXX — Google Analytics — Session state tracking — Expiry: 2 years
ph_* — PostHog — Product analytics and event tracking — Expiry: 1 year
Privacy policies: policies.google.com/privacy · posthog.com/privacy
3.3 Marketing Cookies — Consent Required
Used for targeted advertising, campaign measurement, and cross-site interest profiling. Legal basis: §25(1) TDDDG and Art. 6(1)(a) GDPR. Only placed after you actively accept them.
_fbp — Meta Pixel — Ad conversion tracking and retargeting — Expiry: 3 months
_gcl_au — Google Ads — Conversion tracking from Google Ads — Expiry: 90 days
intercom-* — Intercom — Customer messaging widget — Expiry: 9 months
Privacy policies: facebook.com/privacy/policy · policies.google.com/privacy · intercom.com/legal/privacy
4. Legal Basis Summary
Essential cookies: §25(2) No. 2 TDDDG · Art. 6(1)(b) GDPR — contract performance
Analytics cookies: §25(1) TDDDG · Art. 6(1)(a) GDPR — consent
Marketing cookies: §25(1) TDDDG · Art. 6(1)(a) GDPR — consent
5. Managing Your Cookie Preferences
5.1 Via Our Cookie Banner
On your first visit, a consent banner will appear. You may choose to Accept all, select Essential only, or open Cookie settings to configure each category individually. You can change your choice at any time via the Cookie Settings link in the footer. Preferences are stored for 12 months.
5.2 Via Your Browser
You can manage or delete cookies through your browser settings. Note that disabling cookies may affect some site functionality.
Chrome: Settings → Privacy and security → Cookies
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Manage Website Data
Edge: Settings → Cookies and site permissions
5.3 Direct Opt-Out Links
Google Analytics opt-out: tools.google.com/dlpage/gaoptout
Google Ads personalisation: adssettings.google.com
Meta ad preferences: facebook.com/ads/preferences
NAI opt-out (multiple networks): optout.networkadvertising.org
6. Withdrawing Your Consent
You may withdraw consent for non-essential cookies at any time, free of charge and without giving reasons.
1. Click Cookie Settings in the footer of any page on our website, or
2. Contact us at info@nocfo.io with subject line: Cookie Consent Withdrawal
Withdrawal does not affect the lawfulness of any processing carried out before withdrawal. Previously stored cookies can be deleted via your browser settings (see Section 5.2).
7. Data Retention
Consent preferences are stored for up to 12 months. Personal data collected via analytics or marketing cookies is retained per each provider's own privacy policy. You may request erasure under Art. 17 GDPR by contacting info@nocfo.io.
8. Your Rights Under GDPR
As a data subject, you have the following rights:
Access (Art. 15) — request a copy of your personal data
Rectification (Art. 16) — correct inaccurate data
Erasure (Art. 17) — request deletion of your data
Restriction (Art. 18) — limit how we process your data
Portability (Art. 20) — receive your data in a portable format
Object (Art. 21) — object to processing based on legitimate interests
Withdraw consent (Art. 7(3)) — at any time, without penalty
To exercise any right, contact info@nocfo.io. You also have the right to lodge a complaint with a supervisory authority. German data protection authorities: bfdi.bund.de.
9. Changes to This Policy
We may update this Cookie Policy to reflect changes in technology, law, or our services. Significant changes will be communicated via the consent banner on your next visit. The current version is always available at nocfo.de/cookies.
10. Contact
NoCFO Oy · c/o A Grid, PO Box 13300, FI-00076 AALTO, Finland · info@nocfo.io · nocfo.de