This page explains how Kadeon, operated by STS Lab SRL, uses cookies and similar browser storage technologies (such as localStorage and sessionStorage) in the application and marketing website.
1. What are cookies and similar technologies
Cookies are small text files stored on your device by the browser when you visit a website or web application. Technologies such as localStorage and sessionStorage serve analogous purposes within single-page web applications (SPA): they allow the application to persist state between page loads, without relying on traditional cookie mechanisms.
For the application part of Kadeon (authenticated dashboard), we primarily use localStorage rather than cookies, for the reasons set out below.
2. Storage and cookies we use
2.1 Technical/strictly necessary storage (no consent required)
The following storage items are indispensable for the functioning of the Service and are set automatically when you log in or use the application:
mp_token(localStorage) — JWT authentication token. Contains the bearer token used to authenticate all API calls. Without it, the application cannot identify you and it is not possible to use the dashboard. It is deleted on logout.mp_user(localStorage) — Cached user profile (email, role, tenant identifier, locale preferences). Used to avoid an additional API call on each page load. Deleted on logout and refreshed at login.mp_locale(localStorage) — Language preference (it/en). Used to display the interface and legal pages in the selected language.
2.2 Functional storage (interface and UX preferences)
The following items are used to improve the user experience, remembering choices made during use:
mp.onboarding.dismissed(localStorage) — Records whether the user has closed the onboarding wizard card on the records page. Prevents the card from reappearing on every login. Specific to the browser/device.mp_pay_ack_{tenantId}(localStorage) — Records the user's explicit acknowledgement that they have selected a billing plan in the onboarding wizard. Keyed by tenant ID so it is specific to the account.mp_wa_ack_{tenantId}(localStorage) — Records the choice to skip or defer the WhatsApp channel configuration step in the onboarding wizard. Keyed by tenant ID.- UI filters and sort preferences (localStorage, session-lived) — Sort order, status filter, items-per-page for tables (records, mailboxes, identities). Stored locally to avoid having to reset preferences on each visit.
2.3 Third-party technical cookies — Stripe
When you access the billing section or initiate a payment, the Stripe payment provider sets its own technical cookies (e.g. __stripe_mid, __stripe_sid, __stripe_orig_props) used for fraud prevention, security and compliance purposes. These cookies are strictly necessary for the payment flow and do not require consent.
Stripe may also set cookies to detect anomalous browser behaviour and protect against card fraud. For details see the Stripe Cookie Policy.
2.4 Third-party technical cookies — WhatsApp Business (Meta)
If the WhatsApp Business integration is activated for your account, routing via the Meta (Facebook) platform may cause Meta to set its own cookies or technical tokens in certain interaction flows. For details see Meta's Cookie Policy.
3. What we do NOT use
- Profiling cookies: we do not use cookies to profile users for advertising purposes.
- Third-party advertising trackers: we do not install Facebook Pixel, Google Ads, or other advertising tracking systems in the application.
- Web analytics with third-party cookies: we do not use Google Analytics or other analytics services that install persistent cookies. Any aggregate statistics on platform usage are calculated internally from our own data, without tracking individual users.
- Cross-site tracking: we do not share data about your navigation with third-party advertising networks.
4. Duration of storage
- Authentication token (mp_token): persists until logout or until the JWT expires (as configured in the platform, usually 24 hours to 7 days). It is deleted on explicit logout.
- User profile cache (mp_user): deleted on logout and automatically refreshed.
- Language preference (mp_locale): persistent, without expiry, until manually cleared by the user from browser settings.
- Onboarding and acknowledgement data: persistent, without expiry, until you clear the browser's localStorage or request deletion via support.
- Stripe cookies: duration as defined by Stripe (generally from session to 1–2 years for fraud-prevention cookies).
5. Managing preferences
You can manage, block or delete cookies and stored data using your browser settings:
- Chrome: Settings → Privacy and security → Clear browsing data
- Firefox: Settings → Privacy and Security → Cookies and site data → Clear data
- Safari: Settings → Privacy → Manage website data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data
Important: deleting the authentication token (mp_token) will result in immediate logout. Deleting interface preferences will reset sorts, filters and onboarding status.
You can also request the deletion of any locally stored data by contacting privacy@stslab.it.
6. Consent
The storage items listed in sections 2.1 and 2.2 are strictly necessary or functional, and do not require consent under the applicable Italian and EU regulations. Third-party cookies (Stripe, Meta) are technical/security cookies instrumental to services explicitly requested by the user (payments, WhatsApp integration) and also do not require consent.
Should we introduce optional cookies (e.g. analytics, personalised marketing) in the future, we will update this Policy and show an appropriate consent banner.
7. Updates
This Cookie Policy may be updated following changes to the Service or new technical integrations. Changes will be published on this page with the new update date.