This Cookie Notice explains the cookies and other client-side storage that Pondria, operated by Velta BV (“Velta”, “we”, “us”), uses, and why. It is the detailed companion to the cookies-and-storage section of our Privacy Policy, and the two are kept in step. Pondria is a business tool delivered only through an authenticated account.
1. No tracking or advertising cookies
Pondria sets no advertising or tracking cookies, and performs no cross-site or cross-device tracking. There are no third-party marketing tags, no advertising pixels, and no fingerprinting. Our error-monitoring tool, Sentry, runs with detailed personal-data collection and Session Replay switched off, so it never records your screen or replays your session. What Pondria measures is overall site usage, together with a few product-milestone events, through the privacy-friendly, cookieless web analytics described in the next section.
2. First-party, cookieless web analytics
To understand how the site is used, and how well it serves the people who visit, Pondria uses Vercel Web Analytics. It is cookieless: it sets no cookies, writes nothing to your browser storage, uses no persistent identifier, and never tracks you across other sites or devices. It is served first-party from the Pondria domain, so your visit is not shared with any third-party advertising network. Visitors are counted using a temporary, privacy-preserving signal that is discarded every day and cannot be traced back to a person. What is measured is aggregate site usage such as page views and referrers, together with a few product-milestone events (for example starting or completing signup, or creating your first people and allocations), never a profile of you. To do this the script reads only the standard request signals your browser already sends, such as the page address, the referring page, and your browser’s user-agent; it writes nothing to your device and sets no storage of its own, so it needs no consent banner (see section 4).
3. What Pondria stores
Every entry below is strictly first-party (set by Pondria itself, never a third-party domain). We store only what is strictly necessary to run the Service or functional to remember your preferences:
| Item | Category | Purpose | Duration |
|---|---|---|---|
| HttpOnly session cookie | Strictly necessary | Authentication (keeps you signed in) | Session |
| localStorage: theme | Functional | Remembers your light or dark theme | Until changed |
| localStorage: last organization | Functional | Remembers your last-selected organization | Until changed |
| localStorage: language | Functional | Remembers your language preference | Until changed |
| sessionStorage: OAuth-state nonce | Strictly necessary | CSRF protection on social sign-in (OAuth) | Minutes (cleared after sign-in) |
| sessionStorage: chunk-reload guard | Strictly necessary | Recovers from a stale app version after a deploy, without reload loops | Session |
The session cookie is the only actual cookie. The other items are browser storage (localStorage and sessionStorage), which the ePrivacy rules treat the same way as cookies, so they are disclosed here too.
4. Why there is no cookie banner
Under the ePrivacy Directive and the GDPR, consent is required before information is stored on, or read from, your device, unless that storage is either strictly necessary to deliver a service the user has asked for or purely functional. The web analytics described above is cookieless: it sets no cookies, writes nothing to your device, uses no persistent identifier, and does no cross-site tracking. It neither stores information on, nor reads information already stored in, your device, so the consent trigger for storing or accessing information does not apply to it. Every item listed in the table above is strictly necessary or functional, and the analytics sets no storage at all, so no consent banner is required, and this notice serves as the disclosure instead.
5. Changes to this notice
We may update this Cookie Notice from time to time. The “Last updated” date at the top of this page reflects the latest revision. For any question, email help@pondria.ai. See also our Privacy Policy.
Note for maintainers
If any new client-side cookie, localStorage, or sessionStorage entry is introduced, update this Cookie Notice and the Privacy Policy to list it, and re-evaluate its category. New storage that is not strictly necessary or functional (for example advertising, or analytics that sets cookies) would require user consent and a consent banner before it may be set.