Pluralize
Toggle menu

Cookie Policy

Last updated: 2026-04-27

This Cookie Policy explains what cookies and similar technologies Pluralize sets on the dashboard and marketing site at pluralize.app, what they do, how long they last, and the legal basis for using them. It supplements our Privacy Policy.

What is a cookie?

A cookie is a small text file stored by your browser when you visit a website. We also use the term loosely here to cover localStorage, sessionStorage and similar client-side storage mechanisms — although we currently use none of them on pluralize.app.

Under EU law (Directive 2002/58/EC, the "ePrivacy Directive", as implemented in Spain by Article 22.2 LSSI) and the GDPR, strictly necessary cookies do not require consent. Other cookie types — analytics, advertising, preferences that are not essential to the service requested — do require prior opt-in consent collected through a cookie banner.

Cookies we set today

The following cookies are set by pluralize.app itself. They are all set as HttpOnly, Secure, SameSite=Lax first-party cookies on the pluralize.app domain.

| Name | Purpose | Type | Retention | Lawful basis | | --- | --- | --- | --- | --- | | plz-session | Holds the signed JWT that identifies you while you are signed into the dashboard. Required to authenticate every request. | Strictly necessary | 30 days from issue, refreshed on activity, cleared on sign-out | ePrivacy Art. 5(3) "strictly necessary" exception; GDPR Art. 6(1)(b) contract | | plz-app | Remembers which of your apps is currently selected in the dashboard so context persists across pages. | Functional (necessary for the service requested) | 30 days, cleared on sign-out or when the app is deleted | ePrivacy Art. 5(3) "service requested by the user" exception; GDPR Art. 6(1)(b) contract |

Both cookies are first-party, HttpOnly (so they are not readable by JavaScript), and Secure (sent only over HTTPS). They contain no advertising identifiers, no cross-site tracking signals, and are never shared with third parties.

Cookies set by sub-processors

Stripe sets its own cookies on the Stripe-hosted Checkout and Customer Portal pages used during billing flows. Those cookies are governed by Stripe's own Cookie Policy and are out of our control. We do not embed Stripe.js or any other Stripe script on pluralize.app itself.

GitHub sets cookies on its own OAuth authorization screen if you choose to sign in with GitHub. Those are governed by GitHub's Privacy Statement. Once redirected back, only the cookies above are set.

Why we don't show a cookie banner

European law only requires a consent banner when a site sets cookies that are not strictly necessary for the service the user requested — typically analytics, advertising or non-essential personalization cookies. Today pluralize.app sets none of those. We don't run Google Analytics, Plausible, Posthog, Hotjar, Meta Pixel, or any other tracking script. There is nothing for you to consent to and a banner would be theatre.

If we ever introduce non-essential cookies (for example, an analytics provider with its own identifiers), we will add a proper consent banner that:

  • blocks the relevant scripts until consent is granted;
  • offers an equally prominent "Reject all" option alongside "Accept all";
  • records the consent decision and lets you change your mind later from this page;
  • complies with the AEPD's 2024 cookie guidance.

Tenant apps

This Cookie Policy covers pluralize.app only. The cookies set by your App (the consumer-facing application you build with Pluralize) are your responsibility as its operator. Our SDK sets one cookie on your domain — the session cookie used to identify the signed-in tenant — and that one is strictly necessary in the same way as plz-session. Any other cookies (analytics, marketing, preferences) come from your own choices and require your own banner if applicable.

Controlling cookies

Because the cookies above are strictly necessary, blocking them in your browser will prevent the dashboard from working — you simply won't be able to stay signed in. If you want to stop receiving them, sign out and close the tab; both cookies will expire on schedule or you can clear them manually through your browser's settings.

Modern browsers also let you block or delete cookies on a per-site basis:

  • Chrome — Settings → Privacy and security → Cookies and other site data
  • Firefox — Settings → Privacy & Security → Cookies and Site Data
  • Safari — Preferences → Privacy → Manage Website Data
  • Edge — Settings → Cookies and site permissions

Changes to this policy

If we add, remove or change cookies in a material way, we will update this page and bump the "Last updated" date. If the change introduces non-strictly- necessary cookies, the change will be announced in-dashboard and you will be asked for consent before any new cookie is set.

Questions? Email hello@pluralize.app — we'll route to the right person.