2. How We Use Cookies
Habova uses cookies and browser storage for three specific purposes only:
Strictly necessary for the Platform to function. Without these, you cannot log in, navigate between pages, or use the dashboard. They cannot be disabled.
Remember preferences you have set — such as your colour scheme and sidebar layout — so you do not have to reconfigure them on every visit. Disabling these does not break the Platform, but your preferences will reset each session.
Collect aggregated, pseudonymised information about how the Platform is used — which features are most accessed, where users encounter errors, and overall session patterns. This data never identifies you personally and is used solely to improve the product. You may opt out at any time.
Habova does not use advertising cookies, tracking pixels from social networks, or any cookies intended to build a profile of you for marketing purposes — on any part of the Platform.
3. Cookies We Set
The table below lists every first-party cookie and browser storage item Habova sets. This list is kept up to date as the Platform evolves.
| Name | Type | Duration | Purpose |
|---|---|---|---|
| auth_presence | Essential | Session / 7 days | Presence marker that tells our middleware a session exists. Does not contain the JWT — the real token lives in localStorage. |
| XSRF-TOKEN | Essential | Session | Cross-Site Request Forgery protection token issued by the Laravel backend on each session. |
| habova_theme | Functional | 1 year | Stores your preferred colour scheme (light / dark / system) so the correct theme loads on your next visit without a flash. |
| habova_sidebar | Functional | 1 year | Remembers whether the dashboard sidebar is pinned open or collapsed on desktop. |
| _habova_session | Essential | Session | Server-side session identifier used to maintain stateful context between requests to the Laravel API. |
| _habova_analytics | Analytics | 90 days | Pseudonymised identifier used to count unique sessions and measure feature usage. No personally identifiable data is stored in this cookie. |
Duration: Session / 7 days
Presence marker that tells our middleware a session exists. Does not contain the JWT — the real token lives in localStorage.
Duration: Session
Cross-Site Request Forgery protection token issued by the Laravel backend on each session.
Duration: 1 year
Stores your preferred colour scheme (light / dark / system) so the correct theme loads on your next visit without a flash.
Duration: 1 year
Remembers whether the dashboard sidebar is pinned open or collapsed on desktop.
Duration: Session
Server-side session identifier used to maintain stateful context between requests to the Laravel API.
Duration: 90 days
Pseudonymised identifier used to count unique sessions and measure feature usage. No personally identifiable data is stored in this cookie.
Note: authentication tokens (JWT and refresh token) are stored in localStorage rather than cookies. This is a deliberate security design to prevent them from being sent automatically on every HTTP request, reducing CSRF exposure.
4. Third-Party Cookies
Habova does not embed third-party advertising networks or social media widgets that set their own cookies. The only third-party scripts that may set cookies on your device are:
- Google Fonts — loaded via a stylesheet from fonts.googleapis.com to serve the Poppins typeface. Google may set a session cookie for font caching purposes. This does not contain personal data.
- Google Sign-In (optional)— if you choose to authenticate via your Google account, Google's sign-in scripts (accounts.google.com) may set cookies as part of the OAuth 2.0 flow. These are governed by Google's Privacy Policy. Google Sign-In is entirely optional — you can always sign in with email and password instead.
We do not load Facebook Pixel, Google Analytics (GA4), Hotjar, Intercom, or any other third-party analytics or customer engagement scripts on the authenticated Platform.
5. Your Choices
You have several options for managing cookies. Note that disabling essential cookies will prevent the Platform from working correctly.
Browser settings
All major browsers allow you to view, block, or delete cookies through their settings. The links below take you to the relevant help pages:
Analytics opt-out
You can opt out of analytics cookies at any time from your account settings under Privacy & Data. Opting out deletes the analytics cookie and prevents a new one from being set on subsequent visits. Essential and functional cookies are unaffected.
Clearing localStorage
Your authentication token is stored in localStorage. Clearing it (via your browser's developer tools or by clicking Sign Out within the Platform) will end your session. You will need to sign in again on your next visit.
6. Do Not Track
Some browsers can send a Do Not Track (DNT) signal to websites. There is currently no agreed industry standard for how websites should respond to this signal. Habova does not currently alter its data collection practices based on DNT signals, but we will review this position as standards evolve.
Regardless of DNT status, Habova does not use your data for advertising or sell it to third parties. The only analytics we collect are used to improve the Platform for all users.
7. Policy Updates
We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes in the law, or changes in our services. When we make material changes, we will update the effective date at the top of this page and notify account holders via email if the change is significant.
We encourage you to review this page periodically. Continued use of the Platform after any update constitutes acceptance of the revised policy.
8. Contact
If you have questions about how Habova uses cookies or wish to exercise any rights related to data set through cookies, please contact:
Privacy enquiries: privacy@habova.com
General support: support@habova.com
For broader privacy rights under the Kenya Data Protection Act 2019, including the right to access or delete your data, see our full Privacy Policy.