Controlling language
The English version of this document is the only legally valid and legally binding version. Any non-English version is an AI-generated translation provided for convenience only. If any translated version differs from the English version, the English version prevails.
This Cookie Policy explains how Erphitea OÜ (trading as Katalo), reg. 17272613, Ahtri tn 12, 15551 Tallinn, Estonia ("we," "our," or "us") uses cookies and similar tracking technologies when you visit katalo.ai, use the Katalo web application, or interact with our services (collectively, the "Service").
This policy should be read alongside our Privacy Policy and Terms of Service.
1. What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or mobile phone) when you visit a website. They help the website recognize your device on return visits and enable certain features to work. Cookies may be set by us ("first-party cookies") or by third-party services we use ("third-party cookies").
Similar technologies covered by this policy include:
- Local Storage / Session Storage — browser-based storage used to retain session data and user preferences
- Pixels / Web Beacons — small images embedded in pages or emails that signal when content has been loaded or viewed
- Device Fingerprinting — technical data used to recognize devices across sessions for security and analytics purposes
2. Why We Use Cookies
We use cookies and similar technologies to:
- Keep you logged in and maintain your session securely
- Remember your selected language and consent preferences
- Understand how you use the Service so we can improve it
- Process payments securely via our payment provider
- Protect the Service against fraud and abuse
3. Categories of Cookies We Use
3.1 Essential Cookies (No consent required)
These cookies are strictly necessary for the Service to function. They cannot be disabled without breaking core functionality. We rely on our legitimate interests and contractual necessity as the legal basis for these cookies.
| Purpose | Description | Duration |
|---|---|---|
| Authentication | Maintain your authenticated user session | Session |
| Session refresh | Refresh or extend your authenticated session when needed | Session |
| Client auth state | Synchronize authentication state in the browser | Session |
| Language preference | Remember your selected site language | Up to 12 months |
| Cookie preferences | Remember your cookie consent choice | 12 months |
| Payment checkout | Support secure checkout and purchase completion | Session |
3.2 Functional / Preference Cookies
We do not currently rely on a separate category of non-essential functional cookies in production. If we later introduce optional preference cookies that are not strictly necessary for the Service, we will update this policy and request consent where required.
3.3 Analytics Cookies (Consent required)
These cookies help us understand how users interact with the Service, which features are popular, and where users encounter problems.
| Provider | Purpose | Duration | Opt-out |
|---|---|---|---|
| PostHog | First-party product analytics, page views, feature usage, session analytics | Typically up to 12 months, depending on configuration | Via the consent banner when shown, or by clearing your browser cookies and revisiting the site |
3.4 Marketing / Advertising Cookies (Consent required)
We do not currently state that any marketing or advertising cookies are active in production. If we later enable advertising tools such as Google Ads, we will update this policy and cookie audit table before using them.
| Provider | Purpose | Duration | Opt-out |
|---|---|---|---|
| Future advertising tools | Conversion measurement, attribution, or remarketing if later activated | Only if activated in future | Via our consent manager |
4. Third-Party Cookies
We allow trusted third parties to set cookies in connection with the services they provide to us:
4.1 Payment Processing
Lemon Squeezy (LS Tech Inc., d/b/a Lemon Squeezy) acts as our merchant of record and processes payments. When you complete a purchase, Lemon Squeezy may set cookies necessary for secure payment processing.
- Privacy Policy: https://www.lemonsqueezy.com/privacy
- These cookies are considered essential to complete a transaction.
4.2 Clerk Authentication
We use Clerk for authentication. Clerk sets essential first-party cookies needed to maintain login sessions, refresh sessions securely, and coordinate authentication state in the browser.
- Privacy policy: https://clerk.com/privacy
- These cookies are essential to use authenticated parts of the Service.
4.3 PostHog
PostHog is used for product and usage analytics only after you consent to analytics cookies. If enabled, PostHog may use cookies or similar browser storage to maintain an anonymous visitor identifier and session analytics state.
- Privacy policy: https://posthog.com/privacy
- Opt-out: Clear your browser cookies and revisit the site to see the consent banner again, or manage cookies through your browser settings
4.4 Future Analytics and Marketing Tools
We may activate additional analytics or marketing tools in the future, including Google Analytics, Google Ads, or Microsoft Clarity, but only if they are actually deployed in production and only after obtaining any consent required by law. If and when such tools are activated, we will update this Cookie Policy and the cookie audit table below.
4.5 AI Processing Providers
When you use the Service to process images, those images are transmitted to Google (via Google Cloud / Vertex AI) to generate staging outputs. This processing uses server-to-server API calls and does not set cookies in your browser.
4.6 Vercel, Convex, and UploadThing
Vercel (website hosting), Convex (backend infrastructure), and UploadThing by T3 Tools, Inc. (image file storage) may set technical cookies or use similar mechanisms for routing and session management as part of delivering the Service. These are infrastructure-level and do not track you for advertising purposes.
5. Cookie Audit Table
As of April 3, 2026, the following cookies are in use on katalo.ai:
| Cookie Name | Type | Purpose | Duration | Provider |
|---|---|---|---|---|
__session | Essential | User session authentication | Session | Clerk |
__refresh | Essential | Session refresh / extension | Session | Clerk |
__client_uat | Essential | Client-side authentication state | Session | Clerk |
katalo-locale | Essential | Stores your selected language / locale | Up to 12 months | Katalo |
katalo-cookie-consent | Essential | Stores your cookie-consent preferences | 12 months | Katalo |
ph_* | Analytics | PostHog visitor, session, and analytics state if analytics consent is granted | Typically up to 12 months | PostHog |
If we later activate additional analytics or marketing tools, we will update this table before those tools are used in production.
6. Your Cookie Choices and Rights
6.1 Consent Manager
When you first visit katalo.ai, you will see a cookie consent banner. You can:
- Accept all cookies — enable all cookie categories
- Reject non-essential cookies — keep only strictly necessary cookies enabled
- Customize preferences — choose which categories to enable
After you make a choice, the banner will not remain available as a persistent control. If you want to revisit your choice later, you can clear your browser cookies and revisit the site, which will trigger the banner again.
6.2 Browser Controls
You can also manage cookies through your browser settings. Note that disabling cookies may affect the functionality of the Service.
Google Chrome: Settings → Privacy and security → Cookies and other site data
Mozilla Firefox: Options → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Manage Website Data
Microsoft Edge: Settings → Cookies and site permissions → Manage cookies
6.3 Your GDPR Rights (EEA / UK)
If you are in the European Economic Area (EEA) or the United Kingdom, under the GDPR / UK GDPR and the ePrivacy Directive, you have the right to:
- Withdraw consent for non-essential cookies at any time (without affecting the lawfulness of processing before withdrawal)
- Access information about the cookies we use and the data they collect
- Object to processing based on legitimate interests
- Lodge a complaint with your national data protection authority
For Estonia, the competent supervisory authority is the Data Protection Inspectorate (Andmekaitse Inspektsioon): Website: aki.ee | Email: info@aki.ee
For the UK, the competent authority is the Information Commissioner's Office (ICO): Website: ico.org.uk
6.4 California Residents (CCPA)
If you are a California resident, information collected via cookies may constitute personal information under the California Consumer Privacy Act (CCPA). You may have the right to opt out of the "sale" or "sharing" of your personal information. We do not currently sell personal information. To exercise CCPA rights, contact us at info@katalo.ai.
7. What Happens If You Disable Cookies
Disabling essential cookies will prevent you from using core features of the Service, including logging in and maintaining your session. Disabling non-essential cookies will not affect access to the core Service but may result in a less personalized experience and will prevent us from understanding how to improve the product.
8. Cookies on Mobile Devices
The Katalo web application is accessible from mobile browsers. The same cookie categories apply. You can manage cookies via your mobile browser's privacy settings. We do not currently offer a native mobile app; if we do in the future, this policy will be updated to reflect any app-specific tracking.
9. Do Not Track (DNT)
Some browsers transmit a "Do Not Track" signal. Currently, there is no universally accepted standard for how websites should respond to such signals. We do not currently alter our data collection practices in response to DNT signals, but we will keep this under review as standards develop. Our consent manager provides a more reliable mechanism for controlling non-essential tracking.
10. Updates to This Cookie Policy
We may update this Cookie Policy from time to time, including when we introduce new tracking technologies or update our third-party providers. The updated version will be indicated by a revised "Last Updated" date at the top of this page.
For material changes, we will notify you by posting a notice on our website and, where applicable, sending an email to your registered address. We will update the cookie audit table (Section 5) whenever the cookies we use change.
11. Contact Us
If you have questions about this Cookie Policy or our use of cookies and tracking technologies, please contact us:
Erphitea OÜ (trading as Katalo) Ahtri tn 12, 15551 Tallinn, Estonia Email: info@katalo.ai Phone: +420 776 309 578
12. Governing Law
This Cookie Policy is governed by the laws of the Republic of Estonia and, where applicable, the law of the European Union, including the General Data Protection Regulation (GDPR) (EU) 2016/679 and the ePrivacy Directive 2002/58/EC.