Talkala Cookie Policy

Essential authentication and security cookies

These cookies keep sign-in and account-security flows working. Blocking them can prevent sign-in, disrupt returning from Google sign-in, or stop short verification steps during account creation.

• Sign-in session and protection cookies keep you authenticated, secure account access when you reload pages, and support Google sign-in when you enable it.
• A signed, HTTP-only cookie (about 10 minutes) carries policy acceptance while you finish creating an account or continue with Google sign-in.
• A signed, HTTP-only cookie (about 12 hours) is added after emailed owner verification succeeds for trusted administrators.

Preference cookies and local storage

These entries remember how the interface should look or behave on your browser. They do not build an advertising profile.

• Desktop sidebar open/collapsed state uses both a cookie and a local preference; the cookie can last up to one year.
• Dialer cleanup preference on desktop uses similar storage patterns and can persist up to one year.
• Light/dark/system theme stays until you change it or delete browser storage.
• Dialer remembers your destination-country preferences locally so repeat visits are faster.
• Profile display tweaks are cached locally after you edit them.
• Owner dashboards can pin important accounts for that browser only.

Temporary storage and cross-tab sync

Talkala also uses short-lived or event-style storage so different parts of the page stay coordinated. Nothing here is intended as permanent account data.

• Session-only browser storage remembers that you already signed in so public-site buttons can behave correctly during that visit.
• Smart Auto Top-up uses a fleeting local cue so another tab hears about setting changes instantly, then clears it.
• Older contact records saved only in legacy browser storage may be read once during migration and discarded.

Analytics and advertising

Talkala uses first-party oriented, hosted analytics to understand aggregate public-page traffic and navigation. That analytics tooling does not add third-party analytics cookies and is used for aggregate statistics, not behavioral advertising or retargeting.

• No advertising pixels are currently used.
• No cross-site retargeting cookie stack is currently used.
• Analytics should not be used to send personal contact details, payment identifiers, message content, or account secrets.

Cloudflare Turnstile security checks

When configured, Talkala uses Cloudflare Turnstile on public and account-security forms so automated scripts cannot overwhelm sign-up, password, verification, or contact flows. The check may observe typical automated-test signals—for example coarse network cues and basic browser fingerprints—similar to mainstream bot protections.

Consent and essential storage

Storage that is strictly necessary for signing in, security checks, onboarding steps that confirm policy acceptance, fraud prevention, day-to-day account operation, or personal choices you opted into is treated as essential or preference storage. Talkala does not currently run a separate advertising-cookie banner because it does not use advertising or behavioral-tracking cookies today. If that changes later, this policy and consent flows must expand first.

What happens if you block or clear storage

Sign-in can fail, sessions can end early, Google sign-in can lose its return step, automated security checks can fail, administrator verification cookies can expire sooner than expected, and saved preferences can reset. Clearing browser storage does not delete server-side account, billing, call, number, contact, SMS, support, or wallet records.