This Cookie Policy explains how Tilkly uses cookies and local storage when you visit or use our website builder platform at tilkly.com.
Operated by: EI Jyoti SINGH, Toulouse, France. Questions? privacy@tilkly.com
What Are Cookies
Cookies are small text files that websites place on your device to store information between visits. They help us authenticate you, remember your preferences, and keep the Service secure.
localStorage is a browser feature that lets a website store key-value data on your device. Unlike cookies, localStorage data is never sent to the server automatically. It is read only by client-side JavaScript on the same origin.
Cookies We Use
| Name | Purpose | Duration | Category |
|---|---|---|---|
sb_jwt |
Authentication — your access token. HttpOnly, Secure, SameSite=Lax | 15 minutes | Strictly necessary |
sb_refresh |
Authentication — your refresh token. HttpOnly, Secure, SameSite=Lax | 30 days | Strictly necessary |
sb-lang |
Language preference, set on first visit from CF-IPCountry. SameSite=Lax, Secure | 30 days | Strictly necessary |
sb_consent_v2 |
Records your cookie consent choice so we don't prompt you every visit. SameSite=Lax | 1 year | Strictly necessary |
sb-csrf |
CSRF protection token, prevents cross-site request forgery. HttpOnly, Secure | Session | Strictly necessary |
Local Storage
We store the following in your browser's localStorage:
- Cookie consent preference — so we do not re-prompt you on every visit.
- Non-sensitive UI state — such as the selected page ID and theme preferences in the builder dashboard.
No tracking data, personal information, or authentication tokens are stored in localStorage.
First-Party Analytics
When you accept cookies, we collect anonymous page view counts on your published site. This data includes:
- Page slug (which page was visited)
- Referrer (where the visitor came from)
- Country code (derived from Cloudflare headers)
We do not perform browser fingerprinting, cross-site tracking, or share data with any third-party analytics provider. All analytics data is automatically deleted after 90 days.
Third-Party Cookies
Tilkly itself does not set any third-party tracking cookies. We do not load Google AdSense or other advertising scripts on Tilkly marketing, policy, dashboard, or published-site pages. If we introduce third-party advertising in the future, we will update this policy and require prior consent before those scripts run.
If you (as a site owner) add a Google Analytics GA4 Measurement ID in your site settings, the GA4 tracking scripts will run on your published site, not on the Tilkly dashboard. The published-site GA4 loader is gated behind the analytics category in the consent banner.
Custom scripts configured in site settings are gated behind the marketing category. Google reCAPTCHA, when enabled for forms, is loaded only after a visitor submits a validated form.
Managing Cookies
You can manage or delete cookies through your browser settings. Most browsers allow you to:
- View and delete existing cookies.
- Block all cookies or only third-party cookies.
- Set per-site cookie permissions.
sb_jwt and sb_refresh.Your Choices
When you first visit Tilkly, a cookie banner asks for your consent:
- Accept: we enable first-party analytics on published sites and allow any configured GA4 analytics loader to run.
- Decline: no analytics scripts are loaded; only strictly necessary cookies are set.
You can change your choice at any time by clearing your cookies and revisiting the site, which will trigger the consent banner again.
Contact
If you have questions about this Cookie Policy:
- 🍪 Cookie questions: privacy@tilkly.com
- 💬 General support: support@tilkly.com