This page describes which cookies and which browser localStorage keys Volti.ee uses — both the marketing site at volti.ee and the application at app.volti.ee.

1. Current state

Volti.ee currently does not set any marketing or analytics cookies. Everything below is strictly necessary for the service (authentication, session, language preference). For this reason no consent banner is shown — strictly necessary cookies are exempt under ePrivacy art 5(3).

If we add analytics or marketing cookies in the future (e.g. self-hosted Plausible, Hotjar), we will activate a consent banner first.

2. Cookies on the marketing site (volti.ee)

The marketing site is static and sets no first-party cookies. Next.js may emit technical cookies for caching, but no persistent identifying cookie is used.

3. Cookies on the application (app.volti.ee)

Cookie	Purpose	Duration	Type
`XSRF-TOKEN`	Laravel Sanctum CSRF protection	Session	Strictly necessary
`volti_session`	Laravel session identifier	2 hours	Strictly necessary

4. localStorage keys

The application uses browser localStorage for the following purposes — all strictly necessary (user preferences and service operation):

Key	Purpose	Duration
`auth_token`	Stores the Sanctum bearer token for the active session	Until logout
`locale`	User language preference (et / en)	Persistent until manually changed
`theme`	Light/dark theme preference	Persistent until manually changed
`app-version`	Tracks the running app version to notify on updates	Persistent until next app update
`op-check-draft:<id>`	Operation-check drafts saved offline	Until the draft is synced to the server

5. Managing cookies in the browser

You can always delete or block cookies in your browser settings. Note that blocking strictly necessary cookies will prevent login and data saving in the app.

6. Changes

If we begin to use a new cookie or localStorage key, we will update this page and, if the change concerns consent-requiring cookies, we will display a consent banner.