FerrLabs uses a minimal set of cookies, exclusively functional and security-related. No advertising cookie, no third-party marketing tracker is set on any FerrLabs domain.
Cookies set by FerrLabs
| Name | Purpose | Lifetime | Consent |
|---|---|---|---|
fl_session | Session JWT — keeps you signed in across pages of the FerrLabs apps. HMAC-signed, HTTP-only, SameSite=Lax. | Sliding 30 days | Strictly necessary — no consent required. |
fl_csrf | Anti-CSRF token for sensitive POST/PATCH requests in the apps. | Session | Strictly necessary — no consent required. |
fl_lang | Persists your language preference (en / fr) across pages. | 1 year | Strictly necessary — no consent required. |
Local storage
The web apps (app.ferrlabs.com, product apps) use localStorage
— technically distinct from cookies, governed by the same GDPR principles — to:
ferrlabs_token/ferr*_token— cache the session JWT for instant UI render on reload.ferrlabs_ui— UI preferences (sidebar collapsed, theme, …).
Local storage data never leaves your device. Clearing browser storage removes it immediately.
Third-party cookies
During payment, Stripe may set third-party cookies necessary for transaction security and fraud prevention. These cookies are managed by Stripe and governed by its own privacy policy. They are set only on the checkout page when you initiate a payment.
Web analytics
No third-party analytics tracker (Google Analytics, Plausible Cloud, Mixpanel, Segment, …) is currently deployed on any FerrLabs marketing site or app. If we add one, we will request explicit consent through a cookie banner before it is loaded, and update this page accordingly.
Managing cookies
Strictly necessary cookies cannot be refused without making the FerrLabs apps unusable (you would not stay signed in). You can clear them anytime from your browser settings.
For any question: privacy@ferrlabs.com. See also the full privacy policy.
French version: Politique cookies.