Cookie Policy | Helpdash

How Helpdash Ltd uses cookies and similar browser-storage technologies across the Helpdash marketing site, the product application, and the embeddable LiveChat widget.

Contents

Introduction
Scope
Categories of Cookies We Use
Third-Party Cookies
The LiveChat Widget Cookie
Managing Your Cookie Preferences
Do Not Track & Global Privacy Control
Updates to This Policy
Contact

1. Introduction

A "cookie" is a small text file placed on your device by a website you visit. Cookies are widely used to make websites work, to make them work more efficiently, and to provide information to the operators of the site. Alongside cookies in the strict sense, modern browsers also expose related storage mechanisms — most commonly localStorage, sessionStorage, and IndexedDB — which can store small amounts of data on your device. Throughout this Policy we use the word "cookies" as shorthand for cookies and these similar technologies; where the distinction matters, we call it out explicitly.

This Policy explains what cookies Helpdash Ltd ("Helpdash", "we", "us", or "our") sets, why we set them, and how you can control them. It is intended to comply with our obligations under: (a) the EU ePrivacy Directive 2002/58/EC (as amended by Directive 2009/136/EC) and the national laws transposing it across the European Economic Area; (b) the United Kingdom Privacy and Electronic Communications Regulations 2003 (PECR), as enforced by the Information Commissioner's Office; and (c) the cookie-disclosure provisions of relevant United States state laws including the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA).

This Policy should be read alongside our Privacy Policy, which explains how we process the personal data that some cookies may contain or generate.

2. Scope

This Policy applies to the marketing website at https://helpdash.io, to the product application at https://app.helpdash.io, and to any other subdomain of helpdash.io that we operate. It also covers the embeddable Helpdash LiveChat widget (the "Widget") to the extent that the Widget itself sets cookies, as further described in Section 5.

This Policy does not apply to the websites of Helpdash customers ("tenants") who embed the Widget on their own domains. Each tenant is independently responsible for the cookie policy that governs its own site, and you should consult that policy for information about any cookies set in the tenant's own first-party context. The Widget itself sets a single first-party cookie on the embedding site for session continuity; the contents and purpose of that cookie are documented in Section 5 so that tenants and their visitors are fully informed.

3. Categories of Cookies We Use

We classify cookies into four categories. As of the effective date at the foot of this Policy, only categories (a) and (b) are in active use on Helpdash properties.

3.1 Strictly Necessary Cookies

These cookies are essential to deliver the Service you have requested. Without them, parts of the application will not function correctly. They are set on a first-party basis and require no consent under PECR Regulation 6(4) (the "strictly necessary" exemption) and the equivalent ePrivacy carve-out across the EEA.

Session cookies (typically named with a _session suffix) — keep you signed in to the application during a single browser session. They are HTTP-only, marked SameSite=Lax, and (in production) Secure.
CSRF token (XSRF-TOKEN) — protects you against cross-site request forgery attacks by binding form submissions and API requests to your session. Required for any state-changing action.
Language preference — remembers your selected interface language across visits so you do not have to re-select it each time.

3.2 Functional / Preference Storage

These items remember choices you make to give you a more personalised experience. On Helpdash properties this data is stored in localStorage rather than as a true HTTP cookie, but we disclose it here in the interests of transparency.

Cookie-notice acknowledgement (helpdash.cookie-consent.v1) — records that you have dismissed the cookie notice on the marketing site so we do not show it again.
Interface state — items such as the collapsed/expanded state of the dashboard sidebar, your chosen colour theme (light/dark), and any saved table-filter selections. These never leave your browser.

None of the items in Section 3.2 are used for cross-site tracking, profiling, or advertising.

3.3 Analytics Cookies

Helpdash does not currently load any third-party analytics or marketing cookies on the marketing site. If we adopt an analytics tool in the future, we will update this Policy in advance, present a consent banner with a clear "reject all" control on a par with "accept all", and we will not load the analytics script unless and until you grant consent.

3.4 Marketing / Advertising Cookies

We do not run any marketing, advertising, retargeting, or behavioural-profiling cookies on Helpdash properties. We do not embed advertising pixels, social-media trackers, or third-party tag managers.

4. Third-Party Cookies

A small number of third-party services are embedded into specific user journeys. These services may set their own cookies in their own first-party context, governed by their own cookie policies; we list them here so you know what to expect.

Paddle (Paddle.com Market Limited) — when you proceed to checkout for a paid Helpdash subscription, you are redirected to or embedded within Paddle's checkout, which sets its own cookies for fraud prevention, tax determination, and session continuity. Paddle's cookie disclosures are available at paddle.com/legal/cookies.
Cloudflare, Inc. — our edge network sets the __cf_bm bot-management cookie and may set cf_clearance following an interactive challenge. These cookies exist solely to distinguish humans from automated traffic and are treated as strictly necessary under PECR Regulation 6(4). Further detail is available in Cloudflare's cookie reference.
Google LLC ("Sign in with Google") — set only if you click "Sign in with Google" on the Helpdash login page. The cookies are set by Google during their consent flow and are governed by Google's cookie policy. We do not receive Google's cookies and we do not load any Google script unless you affirmatively initiate the Google sign-in flow.

We do not embed any other third-party scripts or tags on the marketing site.

5. The LiveChat Widget Cookie

When a Helpdash customer embeds the LiveChat widget on their own website, the Widget sets a single first-party cookie on the embedding site:

Name: hd_livechat_visitor_<tenant-slug>
Type: first-party cookie (set on the embedding site's domain, not on helpdash.io)
Lifetime: one (1) year from the most recent visit
Attributes: SameSite=Lax; Secure when served over HTTPS
Purpose: stores an opaque visitor token that allows the Widget to maintain the visitor's chat session across page navigation, so the visitor does not lose the conversation history when moving from one page of the site to another, or when returning later.

Because the cookie is first-party to the embedding site, it is set in the visitor's browser on the customer's domain and is not directly readable by Helpdash from a different domain. The Widget transmits the token value to the Helpdash backend over HTTPS to look up the matching chat session.

The visitor token is unique per tenant: a visitor who interacts with the Widget on Tenant A's site receives a token that is different from, and not linkable to, the token issued by Tenant B's Widget. The token is not used for cross-site tracking, behavioural profiling, advertising, or any other secondary purpose. It contains no directly identifying information.

Helpdash customers (tenants) who do not wish to set this cookie on their visitors' browsers can choose not to embed the Widget. Where the Widget is embedded, tenants are responsible for disclosing the cookie in their own cookie notice and for obtaining any consent that their local law requires.

6. Managing Your Cookie Preferences

6.1 Browser controls

All major browsers let you view, delete, and block cookies via the browser's own settings. Most browsers also offer an "incognito" or "private" mode that discards cookies at the end of the session. Vendor instructions for the four most widely used desktop browsers are available at:

6.2 Mobile

Equivalent controls are available on mobile in iOS Safari (Settings > Safari > Privacy & Security) and on Chrome for Android (Settings > Site settings > Cookies). Other mobile browsers expose comparable options inside their settings menus.

6.3 Consent banner

Because we currently set no analytics, marketing, or other non-essential cookies, we do not present a cookie consent banner. If we introduce any non-essential cookies in the future, we will deploy a consent banner before those cookies are loaded; the banner will offer a "reject all" option that is no less prominent or accessible than the "accept all" option, in line with the European Data Protection Board's guidance on consent.

6.4 Note on blocking strictly necessary cookies

If you block or delete the strictly necessary cookies described in Section 3.1, you will not be able to sign in to the application, and other parts of the dashboard that rely on a CSRF token or a stable session will not work. We are unable to provide a workaround because these cookies are essential to the basic operation of the Service.

7. Do Not Track & Global Privacy Control

Do Not Track (DNT). We respect the DNT browser signal to the extent reasonable. When a request reaches our marketing site with the DNT: 1 header set, we will not load any non-essential third-party scripts in response to that request. As of the effective date below, the marketing site loads no non-essential third-party scripts at all, so this commitment is operationally a no-op today; it remains in force as a forward-looking obligation against any future change.

Global Privacy Control (GPC). We honour the GPC signal as a valid universal opt-out mechanism for sale or sharing of personal information under the CCPA/CPRA, and as a valid opt-out of targeted advertising and the sale of personal data under the Colorado Privacy Act and the Connecticut Data Privacy Act. Where a request reaches us with the Sec-GPC: 1 header, we treat it as an opt-out request made by the relevant resident in respect of that browser. Because we do not sell personal information and do not engage in cross-context behavioural advertising, no further action is normally required to give effect to the signal; if this changes in the future, the GPC signal will continue to be respected as the controlling opt-out for the affected processing.

8. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in our practices, in the cookies we set, or in applicable law. For material changes — including, in particular, the introduction of any new category of cookie that requires consent — we will give at least thirty (30) days' advance notice via in-app banner and via email to the address on file. Non-material changes (such as typographical fixes or updated vendor links) take effect on posting.

The version number, effective date, and last-reviewed date for the current Policy are shown at the foot of this page. Archived prior versions are available on request from privacy@helpdash.io.

9. Contact

Questions about this Cookie Policy or about the cookies set by Helpdash properties can be sent to privacy@helpdash.io. If you would prefer to write to our general support inbox, you can reach us at support@helpdash.io.

Postal address: Helpdash Ltd, London, United Kingdom, England & Wales.

Cookie Policy.