Cookie Policy

Last updated: 15 April 2026

This policy explains how Kuppel uses cookies and similar technologies on the kuppel.app website. Kuppel Ltd is the data controller for cookies it sets on kuppel.app. Where a third party such as Cloudflare or Google sets a cookie or receives data on our site, that third party acts as an independent controller for the data it collects.

1. What cookies are

Cookies are small text files placed on your device by a website you visit. They are widely used to make websites work, to make them work more efficiently, and to provide information to the site owner. Cookies are typically split into two groups: strictly necessary cookies, which a site cannot function properly without, and optional cookies, which are used for things like analytics, personalisation, or advertising and which require your consent.

This policy covers the kuppel.app website. Storage of information by the Kuppel mobile app is described in our Privacy Policy.

2. Cookies we use

We only use strictly necessary cookies. These are required to keep the site secure and to allow the contact form to work safely.

These cookies fall within the exemption at Regulation 6(4) of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR), as they are strictly necessary for the provision of the kuppel.app website you have requested.

Cookie	Set by	Purpose	Lifetime	Type
`__cf_bm`	Cloudflare	Distinguishes humans from automated bots to protect the site from abuse.	30 minutes (refreshed on activity)	Strictly necessary
`cf_clearance`	Cloudflare	Records that a visitor has passed a Cloudflare security challenge. Only set if you were challenged.	30 minutes	Strictly necessary

All cookies in the table above are first-party cookies on the kuppel.app domain (Cloudflare cookies are set via the Cloudflare proxy in front of our site, not by an embedded third-party widget). None of these cookies identify you personally or track you across other websites. Cloudflare's cookies are governed by Cloudflare's own cookie policy.

3. Cookies we do not use

No cookie set on kuppel.app is used for analytics, advertising, social tracking, A/B testing, or session replay. Other technologies used by this site that fall within PECR Regulation 6 are described in Section 4 below.

4. Similar technologies

PECR Regulation 6 covers any storage of, or access to, information on your device (not only cookies). The following non-cookie technologies are used on kuppel.app. Each is strictly necessary for the service the visitor has requested.

4.1 Cloudflare Turnstile (contact form)

The contact form on the support page uses Cloudflare Turnstile to distinguish humans from automated bots. When you load the support page, Turnstile reads characteristics of your browser (a fingerprint) and your IP address. Turnstile may set short-lived cf_chl_* cookies on the challenges.cloudflare.com domain during a challenge flow; it does not set a cookie on kuppel.app. Strictly necessary under PECR Regulation 6(4) because the contact form cannot operate without bot protection. See the Cloudflare entry on our Sub-processors page for the data flow.

4.2 Cloudflare Web Analytics (cookieless beacon)

Every page on kuppel.app loads a small script that reports the page URL, referrer, page-load timing, and your IP address to Cloudflare for aggregated visitor analytics. The script does not set a cookie and does not store any identifier on your device. We use the aggregated counts to understand which marketing pages are working. See the Cloudflare entry on our Sub-processors page for the data flow.

4.3 Referral-link landings

If you reach kuppel.app by following a friend's referral link, the page at /connect-page reads your browser language, time zone, screen width and height, and user-agent string, and generates a one-time identifier (a click ID). None of these are stored on your device: there is no cookie, no localStorage, and no sessionStorage entry created. The fingerprint and click ID are sent to api.kuppel.app so that, if you install the Kuppel app, we can match you to the friend who invited you. Strictly necessary under PECR Regulation 6(4) because deferred attribution is the service you requested by clicking the link. See our Privacy Policy for what happens to this data on the API side.

The cookieless page-view beacon described in Section 4.2 also loads on this page; it does not interact with the click ID or fingerprint described above, and it stores nothing on your device.

4.4 Web fonts

Fonts on kuppel.app are served from the kuppel.app domain. No data is sent to a third-party font provider when you load this site.

kuppel.app does not use localStorage or sessionStorage.

5. How to control cookies

Every modern browser lets you block or delete cookies through its settings. Step-by-step instructions for each browser are kept up to date at allaboutcookies.org.

Because we only use strictly necessary cookies, there is nothing here to opt out of for tracking purposes. If you choose to block these cookies in your browser, parts of the site may stop working: the contact form may fail to submit, and Cloudflare's bot protection may show you a challenge screen on every visit.

If you visit kuppel.app from a mobile device, your browser's cookie controls are usually found in the operating system's Settings app (under Safari on iOS, or Chrome's site settings on Android) rather than in the browser itself.

6. Changes to this policy

We may update this policy from time to time. If we make significant changes, we will update the "last updated" date at the top of this page, and we will notify you through the app or by email at least 14 days before the changes take effect. The version on this page is always the current version.

7. Contact

If you have any questions about this policy or about the cookies we use, please visit our support page or email legal@kuppel.app.

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office at ico.org.uk.