Cookie Policy
Effective: March 19, 2026
Machestra | machestra.com
Contact: support@machestra.com
This Cookie Policy explains how Machestra uses cookies and similar technologies when you use our website and production scheduling platform.
This policy should be read together with our Terms of Service, Privacy Policy, and Security Policy.
1. What Are Cookies
Cookies are small text files stored on your computer, tablet, or mobile device when you visit a website.
Cookies allow a website to recognize your device and remember certain information about your visit, such as authentication status, security checks, or preferences.
Cookies are commonly used to enable core website functionality and improve security.
2. Why Machestra Uses Cookies
Machestra uses cookies only for authentication and security purposes.
Our cookies allow the platform to:
- Authenticate logged-in users
- Maintain secure sessions
- Protect the platform from automated attacks and malicious traffic
- Ensure only authorized users can access company data
Because Machestra is a secure business application, these cookies are essential for the service to function.
Machestra does not use cookies for advertising, marketing, or analytics tracking.
3. Cookie Inventory
The following table lists all cookies currently used by Machestra.
| Cookie Name | Provider | Purpose | Type | Expiry |
|---|---|---|---|---|
| access_token | machestra.com | Authenticates API requests and verifies user identity and permissions | HTTP-only, Secure, First-party | 5 minutes |
| refresh_token | machestra.com | Maintains user session by issuing new access tokens without requiring re-login | HTTP-only, Secure, First-party | 7 days (default) or 30 days with "Remember Me" |
| __cf_bm | Cloudflare | Bot management cookie used to distinguish humans from automated traffic and prevent DDoS attacks | HTTP-only security cookie | 30 minutes |
| cf_clearance | Cloudflare | Records that a user has passed a Cloudflare security challenge | HTTP cookie | Up to 1 year |
4. Essential Cookies Explained
All cookies used by Machestra are strictly necessary for the operation and security of the service.
Access Token Cookie
The access_token cookie authenticates each request made to the Machestra API.
This cookie contains a signed JSON Web Token (JWT) which includes:
- User ID
- Company ID
- User role (admin, manager, operator)
The token does not contain sensitive information such as passwords.
It expires after 5 minutes, which limits how long a stolen token could be used.
Refresh Token Cookie
The refresh_token cookie allows the application to issue new access tokens without forcing users to log in repeatedly.
This cookie:
- Maintains a secure authenticated session
- Improves usability while maintaining strong security controls
Expiration:
- 7 days (standard session)
- 30 days if the user selects "Remember Me" at login
__cf_bm (Cloudflare)
This cookie is set by Cloudflare's bot management system.
It helps identify automated traffic and prevents malicious bots from accessing the platform. This protects the service from abuse and denial-of-service attacks.
Expiration: 30 minutes
cf_clearance (Cloudflare)
This cookie is set when a visitor successfully passes a Cloudflare security challenge.
It confirms that the user has been verified as legitimate traffic.
Expiration: up to 1 year, depending on Cloudflare configuration.
5. Third-Party Cookies
Google OAuth Authentication
If a user chooses to sign in using Google Sign-In, Google may set cookies on the domains accounts.google.com and google.com.
These cookies facilitate the OAuth 2.0 authentication process.
Important notes:
- These cookies are controlled by Google, not Machestra
- They are only present during the Google login flow
- They are governed by Google's privacy policies
If you do not wish to interact with Google cookies, you can log in using email and password instead.
6. Other Storage Technologies
Service Worker (Push Notifications)
Machestra may register a service worker (sw-push.js) when a user opts into push notifications.
This service worker is used solely to:
- Receive push notifications
- Display system alerts (such as job updates or machine status changes)
The service worker does not track users or store personal data.
Browser Storage
Machestra follows strict storage practices:
- Authentication tokens are never stored in localStorage or sessionStorage
- Tokens are stored only in HTTP-only secure cookies, which cannot be accessed by JavaScript
This prevents scripts injected through a cross-site scripting (XSS) attack from reading the tokens.
Minimal sessionStorage may occasionally be used to temporarily store UI state (for example, unsaved form data). No personal information is stored there.
7. Technologies We Do NOT Use
Machestra intentionally avoids many tracking technologies commonly used by websites. We do not use:
- Advertising cookies
- Google Ads tracking
- Facebook Pixel
- LinkedIn Insight Tag
- Google Analytics
- Mixpanel
- Amplitude
- Hotjar
- Marketing cookies
- Social media tracking cookies
- Cross-site tracking
- Device fingerprinting
- Canvas fingerprinting
- Cookie syncing with advertising networks
- Third-party data brokers
We do not track users for advertising or behavioral profiling.
8. How to Manage Cookies
Most browsers allow you to control or delete cookies through browser settings.
However, because Machestra relies on cookies for authentication and security, disabling cookies will prevent the platform from functioning.
Instructions for common browsers:
- Google Chrome — Settings → Privacy and Security → Cookies and Other Site Data
- Mozilla Firefox — Settings → Privacy & Security → Cookies and Site Data
- Apple Safari — Settings → Privacy → Manage Website Data
- Microsoft Edge — Settings → Cookies and Site Permissions → Manage Cookies
- Mobile Browsers — Consult your mobile browser's help documentation for cookie settings
9. Impact of Disabling Cookies
Machestra requires cookies to function. If cookies are disabled:
- Users cannot log in
- Authentication cannot be maintained
- API requests cannot be verified
- The platform will not operate correctly
There is no cookie-free version of the service, because authentication cookies are required to protect company data.
10. Cookie Consent
Under the EU ePrivacy Directive, cookies that are strictly necessary to provide a service requested by the user do not require consent.
All cookies used by Machestra fall into the strictly necessary category, because they are required for:
- Authentication
- Session management
- Platform security
For this reason, Machestra does not display a cookie consent banner.
However, we provide this Cookie Policy for full transparency.
If we introduce any non-essential cookies in the future (such as analytics or marketing tools), we will implement a cookie consent mechanism before doing so.
11. Updates to This Cookie Policy
We may update this Cookie Policy from time to time. If changes are significant, we will notify users through:
- Email notification
- In-app notification
- Updates to the Effective Date at the top of this page
Continued use of the service after updates indicates acceptance of the revised policy.
12. Contact
If you have questions about this Cookie Policy, please contact us.
Email: support@machestra.com