Legal
Cookie Policy
Last updated: 18 July 2026
1. Introduction
This Cookie Policy explains how Quiteful (“we”, “our” or “us”) uses cookies and similar
technologies on our marketing website, our customer dashboard at /admin, and on the public-facing menus
we serve on behalf of our customers. It should be read alongside our
Privacy Policy.
You can review or change your choices at any time using the Cookies button in the bottom-left corner of any page.
2. What cookies are
Cookies are small text files that a website asks your browser to store on your device. They let the site remember
information about your visit — that you're signed in, what your preferences are, or how many times you've seen
a particular message. We also use related technologies (localStorage, sessionStorage) for
the same purposes; we treat them the same way in this policy.
3. How we use cookies
We use cookies for three reasons:
- To keep the service working — staying signed in, remembering which tenant you're acting on, CSRF protection.
- To understand what works — anonymised, aggregated product analytics so we know which features get used and where to invest engineering time.
- To remember your preferences — including your cookie choices, your dashboard theme, and small UI state like an open/closed sidebar.
We do not use cookies for advertising, profiling for resale, or cross-site tracking.
4. Cookie categories
Strictly necessary
Required to operate the site. These cannot be switched off — without them you can't sign in, submit forms or navigate the dashboard. No consent is required under UK GDPR / PECR for strictly necessary cookies.
Functional & preferences
Remember your choices (cookie preferences, sidebar state, theme). Set only after you interact with the site. Stored locally in your browser.
Analytics & product insight
Anonymised usage data so we can see how the product is used in aggregate. Only set after you opt in via the cookie banner.
5. Cookies we set
The exact set of cookies depends on which part of Quiteful you use. The most common are listed below.
Marketing site (this website)
| Name | Purpose | Category | Duration |
|---|---|---|---|
qf-cookie-consent (localStorage) | Remembers your cookie preferences so we don't re-ask. | Necessary | Until cleared |
XSRF-TOKEN | CSRF protection for form submissions (contact, sign-up). | Necessary | Session |
The marketing pages are served cache-friendly and do not set a session cookie for ordinary visitors. The CSRF cookie is set only when you interact with a form.
Customer dashboard (/admin & signed-in routes)
| Name | Purpose | Category | Duration |
|---|---|---|---|
quiteful_session | Keeps you signed in. Encrypted, HTTP-only, SameSite=Lax. | Necessary | ~2 hours of inactivity |
XSRF-TOKEN | CSRF protection for dashboard actions. | Necessary | Session |
remember_web_* | Set only if you tick “Remember me” at login. Encrypted. | Necessary | Up to 5 years |
filament_* (localStorage) | Filament admin UI preferences (sidebar collapsed, dark/light mode, table density). | Functional | Until cleared |
6. Third-party cookies
Quiteful uses a small number of trusted third-party services. Each one is described below with the consent basis we rely on.
- Microsoft Clarity — product analytics and session replay. Only loaded after you opt in to the “Analytics & product insight” category. Clarity automatically masks form inputs and personal data. See the Microsoft Privacy Statement.
- Stripe — processes subscription payments. Stripe sets its own cookies on the secure checkout
iframe to detect fraud (e.g.
__stripe_mid,__stripe_sid). These load only when you interact with billing and are necessary for payment to function. See Stripe's Cookie Settings. - Cloudflare — fronts the service for caching and DDoS protection. May set a
__cf_bmbot-management cookie which is classified as strictly necessary for site security.
7. Cookies on public menus
When a guest scans a QR code or visits a customer's public menu, Quiteful's own cookies are minimal: a CSRF token
only if the page contains an interactive form (e.g. feedback), and a small localStorage entry
remembering the guest's allergen filter so they don't have to set it again on the same device.
Individual Quiteful customers may enable their own analytics on their menu (currently: Microsoft Clarity, configured per tenant in the dashboard). When enabled by the customer, our banner will respect the same opt-in/opt-out signal recorded on this site. Where Quiteful is acting as the data processor (rather than controller), any additional cookie disclosure is the responsibility of the operating venue.
8. Your consent and choices
We ask for your consent the first time you visit. You have three choices:
- Accept all — allows strictly necessary cookies and analytics.
- Reject non-essential — only strictly necessary cookies are set.
- Preferences — choose categories individually.
Your decision is remembered in localStorage as qf-cookie-consent. To change it later, click
the Cookies button in the bottom-left corner of any page.
9. Managing cookies in your browser
You can block or delete cookies through your browser settings. Doing so may break parts of the dashboard (e.g. you won't stay signed in). Guides:
10. Do Not Track
Browsers can send a Do Not Track (DNT) header. There is no industry standard for what to do with it, so we honour the explicit choice you make in our cookie banner rather than relying on DNT.
11. Changes to this policy
If we materially change which cookies we use, we will update this page and bump the consent version so you're asked again. Minor clarifications may be made without re-prompting.
12. Contact us
Questions about cookies or this policy?
- Email: support@quiteful.com
- Contact form: /contact