DroneField Cookie Policy

Effective Date: 12 May 2026 Version: 1.0 Document ID: COOKIES-DRONEFIELD-v1.0 Language: English (binding)

Introduction
What Are Cookies and Similar Technologies
Why We Use Cookies
Cookies We Set on the Portal
Cookies We Set on the Documentation Site
Cookies and Trackers We Do NOT Set
Browser Local Storage
Third-Party Cookies
How Long Cookies Last
How to Manage and Disable Cookies
Children
Changes to this Cookie Policy
Contact

1. Introduction

This Cookie Policy explains how DroneSpot Kft. ("Provider", "we", "us") uses cookies and similar technologies on the DroneField Portal at https://my.dronefield.app and on the documentation site at https://doc.dronefield.app (collectively, the "Sites").

This Cookie Policy supplements — and should be read together with — our Privacy Policy (document PRIVACY-DRONEFIELD-v1.0), which is the authoritative document for all data-protection questions. Where this Cookie Policy and the Privacy Policy describe the same matter, the two are designed to say the same thing in compatible language; in the event of any inconsistency, the Privacy Policy prevails on data-protection substance, while this Cookie Policy provides the operational detail about cookies.

Our commitment. We use cookies only where they are strictly necessary to run the Sites or where they implement a preference you have asked us to remember. We do not set advertising, analytics, social-media, or third-party tracking cookies. If you have ever wondered why the Portal does not show you a cookie-consent banner, the answer is simply: the cookies we set do not require one under EU ePrivacy law. We have written this Policy to make that fact verifiable rather than just stated.

2. What Are Cookies and Similar Technologies

Cookies. A cookie is a small text file that a website asks your browser to store on your device. When your browser sends a subsequent request to the same website, it includes the cookie value, allowing the website to recognise the same browser across requests. Cookies are not programs and cannot execute code on your device; they are simple identifiers — typically a random string or a short readable value.

First-party vs. third-party cookies. A first-party cookie is set by the website you are visiting (in our case, by my.dronefield.app or doc.dronefield.app). A third-party cookie is set by a different domain that the website you are visiting has embedded — for example, an advertising network. We do not set any third-party cookies, as further described in Section 8.

Session vs. persistent cookies. A session cookie is automatically deleted when you close your browser. A persistent cookie remains on your device until it reaches its expiry date or until you delete it manually.

Similar technologies. In addition to cookies, websites can store small amounts of data on your device using technologies such as:

Local storage (HTML5 localStorage) — a key-value store similar to cookies but with larger capacity, accessible only to the website that wrote it and not transmitted automatically with each request;
Session storage — like local storage, but cleared when the browser tab is closed;
IndexedDB — a structured database in the browser, used by more complex web applications.

The Portal uses a small amount of local storage for non-sensitive UI preferences, as described in Section 7. It does not use session storage, IndexedDB, Web SQL, fingerprinting scripts, ultrasonic beacons, or any other tracking technology.

3. Why We Use Cookies

The cookies we set serve only two purposes:

To keep the Sites running. Without certain cookies, you cannot stay logged in, forms cannot be submitted safely, and the Portal cannot tell one of your browser tabs apart from another. These cookies are called strictly necessary under EU ePrivacy law (Article 5(3) of Directive 2002/58/EC, as amended), and they do not require consent.
To remember a preference you have explicitly asked us to remember. For example, if you tick the "Remember me" checkbox at login, we set a cookie so that you do not need to log in again every time you open the Portal. These cookies are called functional and depend on your active choice.

We do not use cookies for:

Advertising, retargeting, or measuring conversion;
Analytics or measuring user behaviour;
Building any profile of you;
Linking your activity across different websites;
Anything that we have not described in this Policy.

4. Cookies We Set on the Portal

The Portal at my.dronefield.app sets the following cookies. All of them are first-party cookies (set by the Portal itself, not by any third party).

Session cookie.

Cookie name: dronefield_session (or equivalent, set by the Laravel framework)
Purpose: keeps you logged in across pages of the Portal during a single browsing session, and links your subsequent requests to the correct server-side session data;
Type: strictly necessary, first-party, session cookie (deleted when you close the browser);
Legal basis: Legitimate interest plus ePrivacy exemption under Article 5(3) of Directive 2002/58/EC;
Expiry: end of browser session.

Authentication token cookie.

Cookie name: the cookie carrying your Laravel Sanctum API token (name varies by deployment configuration);
Purpose: authenticates calls from the Portal frontend to the Portal backend on your behalf, so that the Portal can show your specific data (Account, Devices, Subscription, Orders);
Type: strictly necessary, first-party, session or short persistent cookie;
Legal basis: Contract (necessary to provide the Service you have asked for) plus Legitimate interest plus ePrivacy exemption;
Expiry: end of browser session, or earlier if you log out.

CSRF token cookie.

Cookie name: XSRF-TOKEN (Laravel default)
Purpose: protects form submissions against cross-site request forgery (CSRF) attacks, by ensuring that a request that changes your data on the Portal really came from a page that you intended to use;
Type: strictly necessary, first-party, session cookie;
Legal basis: Legitimate interest (protecting the security of your Account) plus ePrivacy exemption;
Expiry: end of browser session.

Remember-me cookie (only if you opt in).

Cookie name: the cookie carrying the "Remember me" token (name varies);
Purpose: keeps you logged in across browser restarts for approximately 30 days, so that you do not have to type your password every time;
Type: functional, first-party, persistent cookie;
Legal basis: Consent (you ticked the "Remember me" checkbox at login). You can revoke this consent at any time by logging out, which deletes the cookie;
Expiry: approximately 30 days from the moment you tick the "Remember me" checkbox.

Cookie-acceptance cookie (only relevant if and when a future consent banner is introduced).

If we ever add a cookie that requires consent, we will introduce a consent banner; when you make a choice on that banner, we will set a small cookie to remember your choice. We do not set such a cookie at the date of this Policy because we currently use no cookies that would require consent.

5. Cookies We Set on the Documentation Site

The documentation site at doc.dronefield.app is publicly accessible and does not require login. It sets only one cookie.

Theme cookie.

Cookie name: the cookie carrying the light/dark theme preference (name varies depending on the documentation framework);
Purpose: remembers whether you prefer light or dark mode between visits, so that the site loads in the right theme;
Type: functional, first-party, persistent cookie;
Legal basis: Legitimate interest (this is a harmless preference cookie that improves the reading experience and contains no personal data beyond your theme choice);
Expiry: approximately 12 months.

The documentation site does not set any other cookies — no session cookie (because there is no login), no CSRF token (because there are no forms), and no third-party cookies of any kind.

6. Cookies and Trackers We Do NOT Set

We do not set, run, or allow on the Sites any of the following:

Google Analytics, Microsoft Clarity, Hotjar, Plausible, Matomo, Fathom, or any other web-analytics tool;
Facebook Pixel, LinkedIn Insight Tag, Twitter Pixel, TikTok Pixel, Pinterest Tag, Reddit Pixel, or any other social-media tracking tag;
Google Ads, Microsoft Ads, Bing Ads cookies, or any other advertising-network cookies;
DoubleClick, Criteo, AdRoll, or any other retargeting cookies;
Session-replay tools (Hotjar Recordings, FullStory, LogRocket, etc.);
Fingerprinting scripts that attempt to identify your device through Canvas, WebGL, audio, font, or other browser characteristics;
Ultrasonic beacons or any other cross-device tracking technology;
Affiliate-network cookies that would track which referral brought you to us.

If you inspect the Portal or the documentation site in your browser's developer tools, you can verify these statements: only the cookies and local-storage entries listed in this Policy are present.

7. Browser Local Storage

The Portal stores a small amount of data in your browser's local storage to remember UI preferences that are not security-sensitive. These values stay on your device, are never transmitted to our servers, and are not used for any tracking purpose. They include, for example:

The collapsed/expanded state of certain panels on the Portal;
Your selected sort order on a list page;
The last opened tab on a multi-tab dialog;
The size of resizable columns on tables.

You can clear these values at any time by clearing your browser's site data for my.dronefield.app. Doing so resets the relevant preferences to their defaults the next time you load the page; it does not affect your Account, your data, or anything stored on our servers.

The documentation site does not use local storage other than what the documentation framework needs to remember your theme preference (which is implemented as a cookie, as described in Section 5).

8. Third-Party Cookies

We do not embed any third-party scripts or iframes that would set cookies on the Sites. Specifically:

The Portal does not embed any third-party widgets that would carry cookies (no embedded social-media share buttons, no embedded YouTube or Vimeo players, no live-chat widgets);
The documentation site does not embed any third-party widgets either;
All fonts used on the Sites are either self-hosted or loaded from a CDN configured without setting cookies;
All images are served from our own infrastructure or from CDN endpoints that do not set cookies.

Stripe and the checkout flow. When you complete a paid Order on the Portal, the payment form is served by Stripe. The Stripe payment iframe is loaded from js.stripe.com and may set its own cookies for the purpose of fraud detection (Stripe Radar). These cookies are subject to Stripe's privacy notice at https://stripe.com/privacy and are a necessary part of completing a payment under PCI-DSS rules. They are not set unless you actually proceed to the checkout step, and they are not set on the documentation site or on Portal pages outside the checkout flow. You can review the cookies that Stripe sets in your browser's developer tools when you are on the checkout page.

9. How Long Cookies Last

A short reference for each cookie described above:

Session cookie (Portal): until you close your browser, or earlier if you log out;
Authentication token cookie (Portal): until you log out or your session expires (approximately 30 days);
CSRF token cookie (Portal): until you close your browser;
Remember-me cookie (Portal, optional): approximately 30 days from the moment you tick the "Remember me" checkbox;
Theme cookie (documentation site): approximately 12 months;
Stripe checkout cookies: as set by Stripe, typically session or short persistent, subject to Stripe's own policy.

You can shorten any of the above lifetimes by clearing your browser's cookies for the relevant domain at any time.

10. How to Manage and Disable Cookies

You can manage, refuse, or delete cookies in several ways. The right method depends on your browser and on how granular you want the control to be.

Through your browser's settings. Every modern browser lets you view, allow, refuse, or delete cookies on a per-site or global basis, and lets you control how the browser handles cookies in private/incognito windows. The specific menus differ by browser, but most call the relevant section something like "Privacy and security" or "Cookies and site data". Some short references (independent links, not affiliated with the Provider):

Google Chrome: https://support.google.com/chrome/answer/95647
Mozilla Firefox: https://support.mozilla.org/kb/cookies-information-websites-store-on-your-computer
Apple Safari (macOS): https://support.apple.com/guide/safari/manage-cookies-sfri11471
Microsoft Edge: https://support.microsoft.com/microsoft-edge

Logging out of the Portal. Logging out is the simplest way to invalidate your session and authentication-related cookies. The Portal Logout button is in the top-right user menu, and the Software has a "Log out" option in its settings.

Untick the "Remember me" checkbox. If you do not tick "Remember me" at login, no Remember-me cookie is set and your session ends when you close the browser.

Clearing site data. Most browsers let you clear all data for a specific site (cookies, local storage, cache) in a single action. This is a clean way to reset your Portal state without affecting other sites.

Effect of blocking strictly necessary cookies. If you block the session cookie, the authentication token cookie, or the CSRF token cookie on the Portal, the Portal will not function correctly: you will not be able to stay logged in, and form submissions will be rejected for security reasons. We recommend leaving these cookies enabled.

Effect of blocking functional cookies. If you block the Remember-me cookie or the theme cookie, you simply lose the corresponding preference. You can still use the Sites normally; you will just have to log in every time, or the documentation site will revert to the default light theme.

No cookie-consent banner today. Because the cookies described in this Policy are either strictly necessary or set only with your active choice (the "Remember me" checkbox), we do not show a cookie-consent banner. If we ever change that — by introducing a cookie that requires consent — we will add a banner before activating the new cookie, and we will not load it until you have made an active choice.

11. Children

The Sites and the cookies set on them are not directed at children. As described in Section 13 of the Privacy Policy, the minimum age to register an Account on the Portal is 18 (or 16 with parental consent), and the minimum age to use the public documentation site is 16, in line with the default age for valid GDPR consent in Hungary.

12. Changes to this Cookie Policy

We may update this Cookie Policy from time to time, for example to add a new cookie, to change the duration of an existing one, or to reflect changes in browser technology and applicable law.

Material changes — adding a new cookie, especially one that would require consent under EU ePrivacy law — are announced in advance: by an email to the address registered on your Account (if you have one), by a banner on the Portal, and where applicable through a cookie-consent banner that asks for your active choice before the new cookie is set.
Minor changes — typographical corrections, cosmetic updates, or replacing a third-party reference link with an equivalent one — may be made without prior notice. The new effective date is shown at the top of this document, and every previous version remains available on the Portal under Legal Documents.

This Cookie Policy is co-ordinated with the Privacy Policy: where a change affects both documents, we update both together.

13. Contact

If you have a question or concern about cookies on the Sites, the simplest way to reach us is:

Email: [email protected]
Subject line (suggested): "Cookies — [your question]"
Postal address: DroneSpot Kft., 9144 Kóny, Kazinczy utca 23, Hungary

For data-protection questions that go beyond cookies, please use the same channel and follow Section 12 of the Privacy Policy for the formal data-subject request procedure.

End of Cookie Policy.

Effective Date: 12 May 2026 — Version 1.0 — DroneSpot Kft.

Cookie Policy