Cookie Policy
Cardsflow policies and documentation for users and partners.
Last Updated: April 29, 2026 | Version: 2.0
We use no tracking cookies, no advertising cookies, and no third-party profiling tools.
Questions? privacy@cardsflow.net
1. WHAT ARE COOKIES?
Cookies are small text files placed on your device when you visit a website. They can remember preferences, track behaviour across sites, or serve advertising.
Cookie Type
Description
First-party cookies
Set directly by the website you are visiting.
Third-party cookies
Set by external services embedded in a website, such as analytics platforms or ad networks.
CardsFlow uses no third-party cookies of any kind.
2. COOKIES WE USE
We use only the minimum number of cookies required to operate the platform securely and keep you logged in.
2.1 Strictly Necessary Cookies
These cookies are essential for the platform to work. They cannot be switched off. They do not track you, store personal data beyond your session, or share anything with third parties.
Cookie Name
Purpose
Duration
session_id
Keeps you securely logged in and authenticates your Account requests during your visit.
Session
csrf_token
Protects form submissions against cross-site request forgery (CSRF) attacks. A core security requirement.
Session
consent_pref
Stores your cookie preference choice so we do not ask again on every visit.
6 months
2.2 Analytics — No Cookies Used
We use Simple Analytics (simpleanalytics.com) to understand basic platform usage.
What Simple Analytics Does NOT Do
What Simple Analytics DOES Do
Set any cookies of any kind
Count anonymous page views in aggregate
Collect personally identifiable information
Respect Do Not Track browser signals
Fingerprint your device or browser
Store only anonymised, aggregate counts
Track you across websites or sessions
Operate with no link to any individual
Build user profiles or share data with advertisers
Because Simple Analytics sets no cookies and collects no personal data, no consent is required under UK GDPR or the Privacy and Electronic Communications Regulations (PECR). Review their approach at simpleanalytics.com/privacy
2.3 Advertising — None
We use no advertising cookies, no retargeting pixels, no social media tracking, and no marketing networks on any page of cardsflow.net. This includes:
Google Analytics and Google Ads tags
Meta (Facebook) Pixel
LinkedIn Insight Tag
Hotjar, Clarity, or any session recording tool
Intercom or any chat tool that sets tracking cookies
Any affiliate tracking script
This is our firm policy. We will update this page if that ever changes.
3. COOKIES ON PAYMENT PAGES
On all payment and account pages including /checkout, /payment, /card/add, and /card/verify:
Only strictly necessary session cookies are present
No third-party scripts of any kind are loaded
No analytics tools operate on these pages
This is a hard requirement of our PCI DSS compliance programme and our own security standards.
4. YOUR COOKIE CHOICES
4.1 Our Cookie Notice
When you first visit cardsflow.net you will see a brief notice confirming we use only essential session cookies and that our analytics tool sets no cookies. No consent banner is required for Simple Analytics.
4.2 Managing Cookies in Your Browser
You can view, manage, and delete cookies through your browser settings at any time.
| Browser | Where to Find Cookie Settings |
|---|---|
| Google Chrome | Settings → Privacy and Security → Cookies and other site data |
| Mozilla Firefox | Settings → Privacy & Security → Cookies and Site Data |
| Apple Safari | Preferences → Privacy → Manage Website Data |
| Microsoft Edge | Settings → Cookies and Site Permissions → Cookies and site data |
Blocking strictly necessary cookies may prevent you from logging in or completing payments.
4.3 Simple Analytics Opt-Out
Although Simple Analytics collects no personal data, you may opt out at any time by visiting simpleanalytics.com/optout or by enabling "Do Not Track" in your browser settings. Simple Analytics honours DNT signals by default.
5. SUMMARY — ALL TECHNOLOGIES WE USE
| Technology | Type | Sets Cookies? | Collects Personal Data? |
|---|---|---|---|
| session_id | Essential | Yes | No — session token only |
| csrf_token | Security | Yes | No |
| consent_pref | Preference | Yes | No |
| Simple Analytics | Analytics | No | No |
| NowPayments | Payments | No | Tokenised reference only |
No other technologies are used on cardsflow.net.
6. CHANGES TO THIS POLICY
We will update this Policy if our use of cookies or analytics tools changes. The "Last Updated" date at the top reflects the most recent revision. Material changes will be communicated via a site notice and by email where appropriate.
7. CONTACT
privacy@cardsflow.net
Post
CardsFlow, [Full Registered Address]
ICO
ico.org.uk | 0303 123 1113