legal · cookies
Cookie Policy
Essential & preference cookies
These cookies are either strictly necessary for the site and portals to work, or are set in direct response to something you do — choosing a language, dismissing a banner, toggling a menu, or picking a location filter. Because they deliver a function you asked for, they do not require consent, but we list them here for transparency.
| Name | Purpose | Duration | Party |
|---|---|---|---|
| kora_consent | Stores your cookie choices (Accept / Reject / Customize). | 1 year | First-party |
| kora_locale | Remembers your language preference (English, Italian, or Romanian). | 1 year | First-party |
| kora_smart_banner_dismissed | Hides the mobile app-install banner after you dismiss it. | 30 days | First-party |
| sidebar_state | Remembers whether the merchant or admin sidebar is expanded or collapsed. Set only inside the portals. | 7 days | First-party |
| kora_merchant_location_id | Remembers the location filter you selected in the merchant portal. | 1 year | First-party |
| kora-merchant-auth-* | Keeps you securely signed in to the merchant portal (/m). HttpOnly, Secure, and scoped to /m so it cannot be reused elsewhere. Set only when a merchant logs in. | Sign-in session | First-party (Supabase) |
| kora-admin-auth-* | Keeps you securely signed in to the admin area (/admin). HttpOnly, Secure, and scoped to /admin. Set only when an administrator logs in. | Sign-in session | First-party (Supabase) |
The sign-in cookies are managed by our authentication provider, Supabase. Their lifetime follows your sign-in session rather than a fixed date, and the merchant and admin cookies are scoped to separate paths so a session in one area cannot be used in the other.
Analytics cookies
Analytics help us understand which pages and calls-to-action work, in aggregate and without identifying you. They are off by default and run only after you accept the analytics category in the cookie banner.
When you opt in, we load Amplitude, our product-analytics provider, on this website. We turn its “autocapture” off — Amplitude never silently records page text, what you type, or form contents — and analytics data is processed in Amplitude’s EU server zone.
After you opt in, we send only a small set of aggregate events: which app-store badge or call-to-action you click (and where on the page), when you start a merchant sign-up, and the topic you choose on the contact form. We never send your name, email address, or message to Amplitude. To count these events, Amplitude stores a first-party device and session identifier in your browser.
Analytics never runs until you opt in, and it stays dormant in any environment where no analytics key is configured — so no analytics storage is set unless and until you accept analytics and the tool is live.
Marketing cookies
Reserved category. Kora loads no marketing or advertising scripts today — there are no ad pixels, retargeting tags, or social-tracking scripts anywhere on the site. If we ever add them, they will be strictly opt-in and listed here with their name, purpose, and duration before they load.
How to change your preferences
You can re-open the cookie preferences at any time from the “Manage cookies” link in the site footer, or from the button below.
You can also manage cookies at the browser level — see your browser’s documentation for how. Clearing cookies resets your consent to the default (essential and preference only). On our mobile app, analytics is likewise governed by your in-app consent, and the app uses on-device storage rather than browser cookies.
Contact
Questions about cookies? Write to privacy@koraexperiences.com or use the contact form under “Legal / Privacy”.