Cookies Policy

This Cookies Policy explains how OneDayWeb (trading name of Cardow & Co Pty Ltd, ABN 66 678 386 073) uses cookies and similar tracking technologies on our websites at onedayweb.io and app.onedayweb.io.

By using our websites and services, you consent to the use of cookies as described in this policy. If you do not agree with our use of cookies, you can manage or disable them through your browser settings (see Section 6).

For information about how we collect and use personal data, please see our Privacy Policy.

1. What Are Cookies?

1.1 Definition

Cookies are small text files that are stored on your device (computer, smartphone, tablet) when you visit a website. They allow the website to remember your actions and preferences over time, so you don't have to re-enter information or reconfigure settings each time you visit.

1.2 How Cookies Work

When you visit our website:

1. Website sends cookie: Our server sends a cookie to your browser
2. Browser stores cookie: Your browser saves the cookie on your device
3. Browser sends cookie back: On future visits, your browser sends the cookie back to our server
4. Website recognizes you: We can identify your device and remember your preferences

1.3 Types of Cookies by Duration

Session Cookies:

• Temporary cookies that expire when you close your browser
• Used for essential functions like keeping you logged in during a session
• Example: Authentication tokens, shopping cart contents

Persistent Cookies:

• Remain on your device for a set period (days, months, or years)
• Used for preferences, analytics, and marketing
• Example: "Remember me" login, language preferences, advertising tracking

1.4 First-Party vs. Third-Party Cookies

First-Party Cookies:

• Set by OneDayWeb (the website you're visiting)
• Used for essential site functions and our own analytics
• Example: Login authentication, site preferences

Third-Party Cookies:

• Set by external services (Google Analytics, Facebook, LinkedIn)
• Used for analytics, advertising, and cross-site tracking
• Example: Google Analytics tracking, Facebook advertising pixel

2. Why We Use Cookies

We use cookies and similar technologies for the following purposes:

2.1 Essential Site Functionality

Purpose: Make our website and services work properly

Examples:

• Keep you logged in to your client dashboard
• Remember your project selections during checkout
• Maintain security and prevent fraud
• Enable core features like project tracking and messaging

Can you opt out? ❌ No - These cookies are necessary for the service to function

2.2 Preferences & User Experience

Purpose: Remember your settings and preferences

Examples:

• Dark mode or light mode theme preference
• Language selection
• Dashboard layout preferences
• "Remember me" login option

Can you opt out? ⚠️ Partially - Disabling these may reduce functionality

2.3 Analytics & Performance

Purpose: Understand how visitors use our website to improve it

Examples:

• Which pages are most popular
• How users navigate through the site
• Where users drop off in the checkout process
• Page load times and technical issues

Can you opt out? ✅ Yes - Via browser settings or opt-out tools (see Section 6)

2.4 Marketing & Advertising

Purpose: Show you relevant ads and measure campaign effectiveness

Examples:

• Track which marketing campaigns bring visitors to our site
• Show you OneDayWeb ads on other websites (retargeting)
• Measure conversion rates from advertising platforms
• Build audiences for targeted advertising

Can you opt out? ✅ Yes - Via browser settings, ad blockers, or platform opt-outs

3. Cookies We Use

3.1 Essential Cookies

These cookies are strictly necessary for our website and services to function. They cannot be disabled without breaking core functionality.

Cookie NameProviderPurposeDurationType__convexAuthConvex (OneDayWeb)User authentication session tokenSessionFirst-party__convexAuthRefreshConvex (OneDayWeb)Refresh token for session renewal30 daysFirst-party

Security Features:

• All authentication cookies use HttpOnly flag (prevents JavaScript access, protects against XSS attacks)
• Secure flag enabled (only transmitted over HTTPS)
• SameSite=Lax attribute (prevents CSRF attacks)

What happens if you disable these?

• ❌ You cannot log in to your client dashboard
• ❌ Checkout process will not work
• ❌ Project tracking and messaging unavailable
• ❌ Core authentication features will fail

3.2 Preference Cookies

These cookies remember your choices and settings to provide a better user experience.

Cookie NameProviderPurposeDurationTypethemeOneDayWebRemember dark/light mode preference1 yearFirst-partylanguageOneDayWebRemember language selection1 yearFirst-partydashboardLayoutOneDayWebDashboard display preferences1 yearFirst-party

What happens if you disable these?

• ⚠️ Settings reset to defaults on each visit
• ⚠️ You'll need to re-select preferences every time
• ✅ Core functionality still works

3.3 Analytics Cookies

These cookies help us understand how users interact with our website so we can improve it.

Google Analytics

Provider: Google LLC
Purpose: Website traffic and user behavior analytics

Cookie NamePurposeDuration_gaDistinguish unique users2 years_ga_*Maintain session state2 years_gidDistinguish unique users (short-term)24 hours_gatThrottle request rate1 minute

Data Collected:

• Pages visited and time spent
• Device type, browser, operating system
• Geographic location (city/country level)
• Traffic source (how you found our site)
• User journey through the site

Privacy: Google Analytics is configured with:

• IP anonymization enabled (last octet of IP address removed)
• Data retention set to 14 months
• User data shared with Google disabled
• Advertising features disabled

Learn More: Google Analytics Privacy Policy

PostHog

Provider: PostHog Inc.
Purpose: Product analytics and user journey tracking

Cookie NamePurposeDurationph_*_posthogUser session and event tracking1 year

Data Collected:

• Feature usage and clicks
• User flows through the application
• Error tracking and debugging
• A/B testing assignments

Privacy: PostHog is configured with:

• Session recording disabled by default
• Personal data masking enabled
• Data stored in US region (SOC 2 compliant)

Learn More: PostHog Privacy Policy

Opt-Out:

• Google Analytics: Google Analytics Opt-Out Browser Add-on
• PostHog: Use browser "Do Not Track" setting or contact us to opt out

3.4 Marketing & Advertising Cookies

These cookies are used to show you relevant ads and track the effectiveness of our marketing campaigns.

Facebook Pixel

Provider: Meta Platforms, Inc.
Purpose: Advertising attribution and audience building

Cookie NamePurposeDuration_fbpTrack visits from Facebook ads3 monthsfrDeliver and measure ad effectiveness3 months

Data Collected:

• Pages visited from Facebook/Instagram ads
• Actions taken (sign-ups, purchases)
• Device and browser information
• Facebook user ID (if logged into Facebook)

What We Use It For:

• Measure ROI of Facebook/Instagram ads
• Retarget website visitors with ads
• Build "lookalike audiences" (similar to our customers)
• Track conversions from ad campaigns

Opt-Out: Facebook Ad Preferences

LinkedIn Insight Tag

Provider: LinkedIn Corporation
Purpose: B2B advertising and conversion tracking

Cookie NamePurposeDurationli_sugrBrowser identification90 daysUserMatchHistoryLinkedIn Ads ID syncing30 daysAnalyticsSyncHistoryStore sync information30 days

Data Collected:

• Visits from LinkedIn ads
• Conversions (sign-ups, purchases)
• Professional demographic data (if logged into LinkedIn)

What We Use It For:

• Track effectiveness of LinkedIn ad campaigns
• Measure B2B audience engagement
• Retarget professional audiences

Opt-Out: LinkedIn Ad Settings

3.5 Webflow Cookies (Marketing Site Only)

If you visit our marketing website at onedayweb.io, Webflow may set cookies for site functionality and analytics.

Provider: Webflow, Inc.
Purpose: Website hosting and content delivery

Cookie NamePurposeDuration_webflow_*Site functionality and performanceVaries

Note: We do not control Webflow's cookies. For details, see Webflow's Cookie Policy.

4. Other Tracking Technologies

4.1 Local Storage & Session Storage

We use browser storage APIs (HTML5 Local Storage and Session Storage) to store:

Local Storage (persistent):

• Theme preferences
• Dashboard settings
• Recently viewed projects
• Feature flags and UI state

Session Storage (temporary):

• Form data during multi-step processes (e.g., Project Builder)
• Temporary authentication tokens
• Error messages and notifications

Difference from cookies:

• Not sent to the server with every request (more efficient)
• Larger storage capacity (up to 5-10 MB vs. 4 KB for cookies)
• Can only be accessed by our website (not third parties)

4.2 Pixels & Web Beacons

What they are: Tiny 1x1 pixel images embedded in emails or web pages

We use pixels for:

• Track email open rates (transactional emails)
• Confirm successful email delivery
• Marketing attribution (Facebook Pixel, LinkedIn Insight Tag)

Example: When you open a payment confirmation email, a pixel loads and tells us the email was delivered successfully.

4.3 Device Fingerprinting

We do NOT use device fingerprinting (advanced tracking that identifies users based on device characteristics).

We rely on cookies and authentication tokens for user identification, which you can control through your browser.

5. Third-Party Services & Data Sharing

5.1 Third-Party Services We Use

When you use OneDayWeb, these third-party services may set cookies or collect data:

Service Providers:

• Stripe: Payment processing (sets cookies for fraud prevention)
• Webflow: Marketing website hosting (may set functionality cookies)
• Cloudflare: Content delivery network (sets security cookies)
• UploadThing: File uploads (may set session cookies)

Analytics & Tracking:

• Google Analytics: Website analytics
• PostHog: Product analytics
• Sentry: Error tracking (no cookies, uses session IDs)

Advertising:

• Facebook Pixel: Facebook/Instagram advertising
• LinkedIn Insight Tag: LinkedIn advertising

5.2 Data Sharing with Third Parties

What we share:

• ✅ Anonymized usage statistics (Google Analytics, PostHog)
• ✅ Advertising conversion events (Facebook, LinkedIn)
• ✅ Error logs and performance data (Sentry)

What we DON'T share:

• ❌ Your personal contact information (name, email, phone)
• ❌ Your project details or business information
• ❌ Payment information (Stripe handles this securely, we don't see card numbers)
• ❌ Your private messages or Project Brief content

For complete details on data sharing, see our Privacy Policy.

5.3 Links to Third-Party Policies

We recommend reviewing the privacy and cookie policies of third-party services:

• Google Analytics: Privacy Policy | Cookie Policy
• PostHog: Privacy Policy
• Facebook: Data Policy | Cookie Policy
• LinkedIn: Privacy Policy | Cookie Policy
• Stripe: Privacy Policy | Cookie Policy
• Webflow: Privacy Policy | Cookie Policy

6. How to Manage Cookies

6.1 Browser Settings

You can control cookies through your browser settings. Here's how to manage cookies in popular browsers:

Google Chrome:

1. Settings → Privacy and Security → Cookies and other site data
2. Choose "Block all cookies" or "Block third-party cookies"
3. Manage exceptions for specific sites

Safari (macOS/iOS):

1. Preferences → Privacy
2. Choose "Block all cookies" or "Prevent cross-site tracking"
3. Enable "Ask websites not to track me"

Firefox:

1. Settings → Privacy & Security → Cookies and Site Data
2. Choose "Delete cookies and site data when Firefox is closed"
3. Or click "Manage Data" to delete specific cookies

Microsoft Edge:

1. Settings → Privacy, search, and services
2. Choose "Block all cookies" or "Block third-party cookies"
3. Manage site permissions

Mobile Browsers:

• Safari (iOS): Settings → Safari → Privacy & Security
• Chrome (Android): Chrome menu → Settings → Site Settings → Cookies

6.2 What Happens If You Block Cookies?

Block All Cookies:

• ❌ You cannot use OneDayWeb services (login will not work)
• ❌ Checkout process will fail
• ❌ Dashboard and project tracking unavailable

Block Only Third-Party Cookies:

• ✅ OneDayWeb services still work (login, checkout, dashboard)
• ❌ Analytics tracking may be impacted
• ❌ Advertising attribution will not work
• ✅ Privacy enhanced (no cross-site tracking)

Recommended Setting:

• Allow first-party cookies (from onedayweb.io and app.onedayweb.io)
• Block third-party cookies (from Google, Facebook, LinkedIn)
• Use browser extensions like Privacy Badger or uBlock Origin for more control

6.3 Opt-Out Tools

Analytics Opt-Out:

• Google Analytics: Browser Add-on
• Browser "Do Not Track" setting (supported by PostHog)

Advertising Opt-Out:

• Facebook: Ad Preferences
• LinkedIn: Ad Settings
• Digital Advertising Alliance: DAA Opt-Out
• Network Advertising Initiative: NAI Opt-Out

Industry Opt-Out Tools:

• Your Online Choices (EU): youronlinechoices.com
• DAA (USA): aboutads.info/choices
• NAI (USA): networkadvertising.org/choices

Note: Opting out of advertising cookies does NOT stop you from seeing ads; it stops ads from being personalized based on your browsing behavior.

6.4 Do Not Track (DNT)

What is "Do Not Track"?

• A browser setting that requests websites not to track you
• Sends an HTTP header: DNT: 1

OneDayWeb's Response to DNT:

• ✅ We respect DNT signals for analytics cookies (PostHog honors DNT)
• ❌ Essential cookies (login, security) are still required for functionality
• ⚠️ Third-party cookies (Google Analytics, Facebook) may not respect DNT

How to Enable DNT:

• Chrome: Settings → Privacy & Security → Send "Do Not Track" request
• Firefox: Settings → Privacy & Security → Send "Do Not Track" signal
• Safari: Enabled by default ("Prevent cross-site tracking")

7. Cookies for Logged-In Users

7.1 Authentication Cookies

When you log in to your OneDayWeb client dashboard, we set authentication cookies to keep you logged in:

Cookies Set:

• __convexAuth (session token)
• __convexAuthRefresh (refresh token for extended sessions)

Duration:

• Session cookies: Expire when you close your browser
• "Remember me" enabled: Cookies last 30 days

Security features (HttpOnly, Secure, SameSite=Lax) are described in Section 3.1 above.

7.2 Dashboard Preferences

Your dashboard settings are stored in cookies and local storage:

Stored Preferences:

• Theme (dark/light mode)
• Sidebar collapsed/expanded state
• Notification preferences
• Recently viewed projects

Duration: 1 year (or until you clear browser data)

7.3 Clearing Your Session

To log out and clear all session data:

1. Click "Log Out" in your dashboard (clears authentication cookies)
2. Or clear cookies manually via browser settings (see Section 6.1)

After logout:

• ✅ Authentication cookies are deleted
• ✅ Session storage is cleared
• ✅ Preference cookies remain (theme, language) for convenience

8. Cookies on Our Marketing Site (onedayweb.io)

8.1 Webflow Cookies

Our marketing website (onedayweb.io) is hosted on Webflow, which may set its own cookies:

Webflow Cookies:

• Site functionality and performance
• Content delivery optimization
• Analytics (if enabled by Webflow)

We do NOT control Webflow's cookie usage. For details, see Webflow's Cookie Policy.

8.2 Project Builder (Embedded on Marketing Site)

The Project Builder widget on our marketing site (onedayweb.io/build) may set cookies to:

• Save your project configuration in progress
• Remember your timeline preferences
• Pre-fill your contact information at checkout

Duration: 7 days (or until you complete checkout)

9. International Users & Data Transfers

9.1 Where Cookies Are Processed

OneDayWeb operates from Australia, but our third-party services may process cookies in different countries:

Data Processing Locations:

• Convex (authentication): United States (AWS)
• Google Analytics: United States (Google data centers)
• PostHog: United States (PostHog Inc.)
• Facebook Pixel: United States (Meta Platforms)
• LinkedIn Insight Tag: United States (LinkedIn Corporation)
• Cloudflare: Global network (data centers worldwide)

9.2 GDPR Compliance (EU/UK Users)

If you are located in the European Union or United Kingdom:

✅ We obtain your consent before setting non-essential cookies (analytics, marketing)
✅ You have the right to withdraw consent at any time (see Section 6)
✅ We provide clear information about all cookies we use (this policy)
✅ We honor opt-out requests for analytics and advertising

Your GDPR Rights:

• Right to access cookie data
• Right to erasure (delete cookies)
• Right to object to processing
• Right to data portability

To exercise your rights: Email privacy@onedayweb.io

9.3 CCPA Compliance (California Users)

If you are a California resident:

✅ You have the right to know what personal information is collected via cookies
✅ You have the right to opt-out of the "sale" of personal information
✅ We do NOT sell your personal information (including cookie data)

Note: Sharing data with advertising platforms (Facebook, LinkedIn) may be considered a "sale" under CCPA. You can opt out via:

• Browser "Do Not Track" setting
• Ad platform opt-out tools (see Section 6.3)
• Emailing privacy@onedayweb.io

9.4 Australian Privacy Principles (APP)

As an Australian company, we comply with the Privacy Act 1988 (Cth) and Australian Privacy Principles.

Under APP:
✅ We provide clear notice about cookie collection (this policy)
✅ We collect only necessary information via cookies
✅ We protect cookie data with reasonable security measures
✅ You have the right to access and correct your data

Complaints: Contact the Office of the Australian Information Commissioner (OAIC)

10. Cookie Consent & Consent Management

10.1 How We Obtain Consent

Essential Cookies (no consent required):

• Set automatically when you use our services
• Necessary for core functionality (login, security)

Non-Essential Cookies (consent required for EU/UK users):

• Analytics cookies (Google Analytics, PostHog)
• Marketing cookies (Facebook Pixel, LinkedIn Insight Tag)

Consent Methods:

• Cookie Consent Banner: Displayed on first visit (for EU/UK users)
• Continued Use: By continuing to use our site, you consent to cookies (Australian users)
• Browser Settings: You can block cookies via browser controls (see Section 6)

10.2 Withdrawing Consent

You can withdraw consent at any time by:

1. Clearing cookies via browser settings (see Section 6.1)
2. Using opt-out tools for analytics and advertising (see Section 6.3)
3. Emailing us: privacy@onedayweb.io

Note: Withdrawing consent for essential cookies will prevent you from using OneDayWeb services (login will not work).

10.3 Cookie Preferences

To update your cookie preferences:

• Visit our Cookie Preference Center: app.onedayweb.io/cookie-settings (if implemented)
• Or manage via browser settings (see Section 6.1)

11. Children's Privacy

OneDayWeb services are not intended for individuals under 18 years of age.

We do not knowingly collect cookies or personal data from children. If you believe we have collected information from a child under 18, please contact us immediately at privacy@onedayweb.io, and we will delete it promptly.

12. Changes to This Cookies Policy

12.1 Updates & Notifications

We may update this Cookies Policy from time to time to reflect:

✅ Changes in cookie usage (new analytics tools, advertising platforms)
✅ Legal or regulatory requirements (GDPR, CCPA, Australian Privacy Act)
✅ Industry best practices and user feedback

When we make changes:

• "Last Updated" date will be revised at the top of this document
• Material changes will be communicated via email or prominent notice on our website
• Continued use of our services after changes constitutes acceptance

12.2 Previous Versions

Previous versions of this Cookies Policy are available upon request. Email legal@onedayweb.io to request archived versions.

13. Contact Us

13.1 Questions or Concerns

If you have questions about our use of cookies or this Cookies Policy, please contact us:

OneDayWeb (Cardow & Co Pty Ltd)
ABN: 66 678 386 073

📧 Email: privacy@onedayweb.io
📧 General Inquiries: info@onedayweb.io
📧 Data Protection: legal@onedayweb.io

📬 Mailing Address:
PO Box 299
Unit 1/12 Blackall St
Woombye QLD 4559
Australia

🌐 Website: onedayweb.io

13.2 Complaints & Regulatory Authorities

Australia:
Office of the Australian Information Commissioner (OAIC)

• Website: www.oaic.gov.au
• Phone: 1300 363 992
• Email: enquiries@oaic.gov.au

European Union/United Kingdom:
Contact your local data protection authority. List available at:
edpb.europa.eu/about-edpb/board/members_en

California (USA):
California Attorney General's Office

• Website: oag.ca.gov/contact

14. Summary & Key Takeaways

Essential Cookies (Always Active)

✅ Required for login and checkout
✅ Security and fraud prevention
✅ Session management

Analytics Cookies (Can Opt-Out)

⚠️ Google Analytics, PostHog
⚠️ Help us improve the website
✅ Can disable via browser or opt-out tools

Marketing Cookies (Can Opt-Out)

⚠️ Facebook Pixel, LinkedIn Insight Tag
⚠️ Show you relevant ads
✅ Can disable via ad platform settings

Your Control Options

✅ Browser cookie settings (Section 6.1)
✅ Third-party opt-out tools (Section 6.3)
✅ "Do Not Track" browser setting
✅ Contact us to request deletion

This Cookies Policy is effective as of the "Last Updated" date shown above. By using OneDayWeb services, you acknowledge that you have read and understood this Cookies Policy.

Related Policies:

• Privacy Policy
• Terms & Conditions
• Refund Policy

‍