Cookie Policy
Effective Date: April 25, 2026
1. Introduction
This Cookie Policy explains how Cellilox Limited ("Cellilox," "Company," "we," "us," or "our") uses cookies and similar technologies on the Cellilox website and web application (collectively, the "Services"). It is intended to be read alongside our Privacy Policy (in particular §10 of that policy) and our Terms of Service.
Cellilox sets only a minimal set of strictly-necessary first-party cookies and relies primarily on its third-party authentication provider (Clerk) for session management. We do not use cookies for advertising or behavioral profiling.
2. What Are Cookies and Similar Technologies?
Cookies are small text files placed on your device when you visit a website. They allow the site to remember information about your visit so it can function correctly and improve subsequent visits.
Web beacons (tracking pixels) are tiny invisible images embedded in web pages or emails that can record whether you opened a page or message.
Local storage and session storage are browser-based storage mechanisms that the Services use to keep small amounts of state (such as your UI preferences) on your device between page loads.
For brevity we refer to all of the above as "cookies" in this Policy.
3. Categories of Cookies We Use
3.1 Strictly Necessary Cookies
These are required for the Services to function. They keep you authenticated, protect against cross-site request forgery, and remember the project or page you were viewing across page loads. You cannot opt out of strictly-necessary cookies without breaking the application.
Sources: a small number of first-party cookies set by Cellilox (e.g. a Next.js session token, project context cookies) and the authentication cookies set by Clerk on its own domain (see §4).
3.2 Functional Cookies
These remember your preferences within the application (for example, the last selected billing tab, or the open/closed state of certain UI panels). They are used purely to improve your experience and are not shared with third parties.
3.3 Performance Cookies
Clerk may set a small number of cookies to measure the performance and reliability of its authentication widgets (login latency, error rates, A/B-test variant). We do not run our own analytics cookies on the Services.
3.4 Advertising and Targeting Cookies
We do notserve advertisements through the Services and we do not use advertising or targeting cookies. If you sign in through a social-login option that Clerk supports (e.g. Google), the social-login provider may set its own cookies on its own domain when you complete the sign-in flow. Those cookies are governed by the social-login provider's policies, not this Policy.
4. Third-Party Cookies — Clerk Authentication
Clerk is our authentication and session-management provider. When you sign in, register, or interact with Clerk's authentication widgets on Cellilox, Clerk may set cookies on its own domain (typically .clerk.com or a sub-domain delegated to us). The list below is illustrative — Clerk may add, remove, or rename cookies at any time. For the most current information, see clerk.com/privacy.
| Cookie | Purpose | Expiration | Category |
|---|---|---|---|
__session / __client | Authenticates the active session and links the browser to the signed-in user. | Session or short-lived (typically < 1 hour, refreshed) | Strictly Necessary |
__clerk_db_jwt | Stores a JWT used to verify your session against Clerk's backend. | Session | Strictly Necessary |
__clerk_csrf | CSRF protection for authentication actions. | Session | Strictly Necessary |
__clerk_features | Stores feature flags / experimental settings for Clerk widgets. | Up to 30 days | Functional |
__clerk_ab_test | A/B-test variant identifier used to optimize sign-in flows. | Up to 14 days | Performance |
5. First-Party Cookies Set by Cellilox
Where we set cookies on the Cellilox domain itself, they are strictly-necessary and short-lived. They include:
- A session/identity token issued by our application after Clerk verifies you, used server-side by our Next.js application during the request lifecycle.
- A project-context cookie that remembers which project you are viewing so that page navigations resolve the correct workspace.
- A small UI-preference cookie (open/closed state of certain panels, last-selected billing tab, etc.).
We do not run analytics cookies, advertising cookies, or behavioral-profiling cookies on the Cellilox domain.
6. Why We Use Cookies
- Authentication and session management — keep you signed in across page loads and devices.
- Security and fraud prevention — CSRF tokens, abuse-detection counters.
- Functionality — remember UI preferences and the project you are working on.
- Performance monitoring (Clerk) — measure the reliability of authentication.
7. Your Choices and Controls
- Browser settings. Most browsers let you view, block, or delete cookies in their privacy/security preferences. Blocking strictly-necessary cookies will prevent you from signing in or staying signed in.
- Privacy extensions. If you use a tool like Ghostery, Privacy Badger, or uBlock Origin, allow cookies from
clerk.com(and any Clerk subdomain we use) so authentication works. - Mobile devices.Use your mobile browser's privacy settings to manage cookies. Deleting them will sign you out of the Services.
- Clearing existing cookies. Clearing your browser cache and cookies will remove all cookies for all sites, including Cellilox and Clerk; you will need to sign back in.
Because we do not use non-essential cookies (analytics, advertising, profiling), we do not display a cookie-consent banner.
8. Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in our cookie usage, in third-party providers (such as Clerk), or in applicable law.
- Non-material changes — clarifying language, typographical corrections, or updates to the illustrative cookie list — take effect when the revised Policy is posted on this page.
- Material changes — for example, adding a new category of cookie (such as analytics) or a new third-party cookie source — will not take effect for at least thirty (30) days after we notify you. Notice will be given by email to the address on your account and/or by a prominent in-app notice.
- The "Effective Date" at the top of this Policy will be updated to reflect each change. Continuing to use the Services after the Effective Date constitutes acceptance of the revised Policy.
9. Additional Resources and Contact
For general information about cookies and how to manage them in your browser:
For questions about this Cookie Policy, contact us:
Cellilox Limited Privacy & Data Protection Email: hello@support.cellilox.com Registered office: Republic of Rwanda
Acknowledgment
By using the Services, you acknowledge that you have read and understood this Cookie Policy. If you do not agree, do not use the Services or, where possible, disable Clerk's authentication cookies in your browser — note that doing so will prevent you from signing in.