Cookie Policy
Effective: March 19, 2026
Machestra | machestra.com
Contact: support@machestra.com
This Cookie Policy explains how Machestra uses cookies and similar technologies when you use our website and production scheduling platform.
This policy should be read together with our Terms of Service, Privacy Policy, and Security Policy.
1. What Are Cookies
Cookies are small text files stored on your computer, tablet, or mobile device when you visit a website.
Cookies allow a website to recognize your device and remember certain information about your visit, such as authentication status, security checks, or preferences.
Cookies are commonly used to enable core website functionality and improve security.
2. Why Machestra Uses Cookies
Machestra uses cookies for two purposes:
- Authentication and security (essential): authenticate logged-in users, maintain secure sessions, protect against automated attacks, ensure only authorized users access company data.
- Product analytics (non-essential): understand how visitors use our website so we can identify usability issues and improve the product. We use Microsoft Clarity for this. See Section 5 for full details.
Authentication and security cookies are essential for the service to function. Analytics cookies are not essential, and you can opt out by emailing support@machestra.com.
Machestra does not use cookies for advertising or marketing.
3. Cookie Inventory
The following table lists all cookies currently used by Machestra.
| Cookie Name | Provider | Purpose | Type | Expiry |
|---|---|---|---|---|
| access_token | machestra.com | Authenticates API requests and verifies user identity and permissions | HTTP-only, Secure, First-party | 5 minutes |
| refresh_token | machestra.com | Maintains user session by issuing new access tokens without requiring re-login | HTTP-only, Secure, First-party | 7 days (default) or 30 days with "Remember Me" |
| __cf_bm | Cloudflare | Bot management cookie used to distinguish humans from automated traffic and prevent DDoS attacks | HTTP-only security cookie | 30 minutes |
| cf_clearance | Cloudflare | Records that a user has passed a Cloudflare security challenge | HTTP cookie | Up to 1 year |
| _clck | Microsoft Clarity | Persists the Clarity user ID so visits are associated with the same user | First-party analytics | 1 year |
| _clsk | Microsoft Clarity | Connects multiple page views into a single Clarity session recording | First-party analytics | 1 day |
| CLID | Microsoft Clarity (.clarity.ms) | Identifies the first time Clarity saw this browser on any site using Clarity | Third-party analytics | 1 year |
The Microsoft Clarity cookies are non-essential. The remaining cookies are essential for authentication and security.
4. Essential Cookies Explained
The authentication and security cookies below are strictly necessary for Machestra to operate. The Microsoft Clarity cookies described in Section 5 are non-essential, and you can opt out of them.
Access Token Cookie
The access_token cookie authenticates each request made to the Machestra API.
This cookie contains a signed JSON Web Token (JWT) which includes:
- User ID
- Company ID
- User role (admin, manager, operator)
The token does not contain sensitive information such as passwords.
It expires after 5 minutes, reducing the risk of session theft.
Refresh Token Cookie
The refresh_token cookie allows the application to issue new access tokens without forcing users to log in repeatedly.
This cookie:
- Maintains a secure authenticated session
- Improves usability while maintaining strong security controls
Expiration:
- 7 days (standard session)
- 30 days if the user selects "Remember Me" at login
__cf_bm (Cloudflare)
This cookie is set by Cloudflare's bot management system.
It helps identify automated traffic and prevents malicious bots from accessing the platform. This protects the service from abuse and denial-of-service attacks.
Expiration: 30 minutes
cf_clearance (Cloudflare)
This cookie is set when a visitor successfully passes a Cloudflare security challenge.
It confirms that the user has been verified as legitimate traffic.
Expiration: up to 1 year, depending on Cloudflare configuration.
5. Third-Party Cookies
Google OAuth Authentication
If a user chooses to sign in using Google Sign-In, Google may set cookies on the domains accounts.google.com and google.com.
These cookies facilitate the OAuth 2.0 authentication process.
Important notes:
- These cookies are controlled by Google, not Machestra
- They are only present during the Google login flow
- They are governed by Google's privacy policies
If you do not wish to interact with Google cookies, you can log in using email and password instead.
Microsoft Clarity (Behavioral Analytics)
We use Microsoft Clarity to understand how visitors interact with our website. Clarity captures session recordings, heatmaps, click and scroll behavior, and basic device information so we can identify usability issues and improve the product.
Clarity sets first-party cookies (_clck, _clsk) on our domain to identify the user and stitch page views into recordings, and a third-party cookie (CLID) on .clarity.ms for first-time visitor detection.
Clarity normally also pings c.bing.com to sync the visitor with Microsoft's cross-site advertising identity graph (used for Microsoft Advertising). We block this request via our Content Security Policy. The Microsoft advertising-identity sync does not happen on Machestra.
Important notes:
- Form inputs are masked by default; we do not capture what you type into form fields
- Clarity is GDPR and CCPA compliant
- Behavioral data captured by Clarity is sent to Microsoft servers and handled under the Microsoft Privacy Statement
- To opt out of recordings, email support@machestra.com
6. Other Storage Technologies
Service Worker (Push Notifications)
Machestra may register a service worker (sw-push.js) when a user opts into push notifications.
This service worker is used solely to:
- Receive push notifications
- Display system alerts (such as job updates or machine status changes)
The service worker does not track users or store personal data.
Browser Storage
Machestra follows strict storage practices:
- Authentication tokens are never stored in localStorage or sessionStorage
- Tokens are stored only in HTTP-only secure cookies, which cannot be accessed by JavaScript
This protects users from cross-site scripting (XSS) attacks.
Minimal sessionStorage may occasionally be used to temporarily store UI state (for example, unsaved form data). No personal information is stored there.
7. Technologies We Do NOT Use
Machestra intentionally avoids many tracking technologies commonly used by websites. We do not use:
- Advertising cookies
- Google Ads tracking
- Facebook Pixel
- LinkedIn Insight Tag
- Google Analytics
- Mixpanel
- Amplitude
- Marketing cookies
- Social media tracking cookies
- Cross-site advertising identity sync (we block Microsoft's c.bing.com identity pixel that Clarity normally calls)
- Device fingerprinting
- Canvas fingerprinting
- Third-party data brokers
We do use Microsoft Clarity for product analytics (session recordings and heatmaps). See Section 5 for full details.
8. How to Manage Cookies
Most browsers allow you to control or delete cookies through browser settings.
However, because Machestra relies on cookies for authentication and security, disabling cookies will prevent the platform from functioning.
Instructions for common browsers:
- Google Chrome: Settings → Privacy and Security → Cookies and Other Site Data
- Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data
- Apple Safari: Settings → Privacy → Manage Website Data
- Microsoft Edge: Settings → Cookies and Site Permissions → Manage Cookies
- Mobile Browsers: Consult your mobile browser's help documentation for cookie settings
9. Impact of Disabling Cookies
Machestra requires cookies to function. If cookies are disabled:
- Users cannot log in
- Authentication cannot be maintained
- API requests cannot be verified
- The platform will not operate correctly
There is no cookie-free version of the service, because authentication cookies are required to protect company data.
10. Cookie Consent
Under the EU ePrivacy Directive, cookies that are strictly necessary to provide a service requested by the user do not require consent. Authentication and security cookies on Machestra fall into this category.
The Microsoft Clarity analytics cookies described in Section 5 are not strictly necessary. Microsoft Clarity enforces consent signal requirements for visitors in the European Economic Area (EEA), United Kingdom, and Switzerland: in these regions, Clarity will not set its cookies or capture recordings unless a valid consent signal is provided. Outside these regions, Clarity cookies are set by default.
To opt out of Clarity recordings, email support@machestra.com.
11. Updates to This Cookie Policy
We may update this Cookie Policy from time to time. If changes are significant, we will notify users through:
- Email notification
- In-app notification
- Updates to the Effective Date at the top of this page
Continued use of the service after updates indicates acceptance of the revised policy.
12. Contact
If you have questions about this Cookie Policy, please contact us.
Email: support@machestra.com