Cookie Policy
Last updated: 2026-04-28. Effective from: 2026-04-25.
Operator. This Cookie Policy applies to services operated by ФОП Даценко А.В. (A.V. Datsenko, sole proprietor registered in Ukraine), РНОКПП 3339403456 ("CallPing", "we", "us"). Mailing address: Plytkova str. 65/106, Kharkiv, Kharkivska oblast, 61047, Ukraine. For data-protection inquiries, contact [email protected].
What This Policy Covers
This Cookie Policy explains how CallPing uses cookies and similar browser storage (such as localStorage) on callping.app, my.callping.app (user portal), admin.callping.app (admin panel), and status.callping.app (status page).
This policy supplements our Privacy Policy. For broader information about how we handle personal data, please read both documents.
What Are Cookies?
Cookies are small text files that a website stores in your browser when you visit it. localStorage is a related browser feature that stores key-value data in your browser. Both are commonly used to remember preferences, keep you signed in, or improve performance.
Cookie Categories
We classify the cookies and storage we set into three categories:
- Strictly necessary — required for core security and functionality. These cannot be disabled and we do not seek consent for them, because the Service cannot function without them.
- Analytics — used to understand how the Service is used. CallPing currently sets no analytics cookies. This category is described here as a placeholder for any future use, which would require your consent.
- Marketing — used for advertising or cross-site tracking. CallPing currently sets no marketing cookies. This category is described here as a placeholder; if introduced in future, we would seek your consent.
Cookies We Set (Strictly Necessary)
Authentication cookies
| Cookie name | Domain | Purpose | Lifetime | Type |
|---|---|---|---|---|
__Host-cp_session | my.callping.app (and the API host that issues it) | Authenticates your portal session. Contains a JWT signed with HMAC-SHA256. Marked HttpOnly, Secure, SameSite=Lax. | Up to 24 hours by default; up to 7 days if you select "Stay logged in" at login; absolute cap of 90 days. | First-party, strictly necessary |
__Host-cp_admin_session | admin.callping.app (and the API host that issues it) | Authenticates your admin session. Same security flags as above. | Same lifetime structure as the portal session. | First-party, strictly necessary |
These cookies use the __Host- prefix, which mandates Secure, Path=/, no Domain attribute, and origin-bound delivery. CSRF protection is implemented in addition to cookie security flags.
We do not set any tracking cookies. The only third-party-domain cookies that may be set during use of the Service are those set by Paddle's hosted checkout when you initiate a paid subscription — see the section below.
localStorage We Use
CallPing's portal and admin apps store a small number of values in your browser's localStorage:
| Key | Purpose | Category |
|---|---|---|
cp_cookie_consent | Records your acknowledgement that you have seen this Cookie Policy notice. Today, this is a notice acknowledgement only — CallPing currently sets only strictly-necessary and functional cookies, so no consent decision is recorded. When non-strictly-necessary cookies are introduced (e.g., analytics, marketing), this key will be expanded to record per-category consent choices under GDPR Article 6(1)(a) (consent), with the consent record itself stored under the same Article 6(1)(a) basis. | Compliance record |
cp_display_name | Caches your display name so the UI can show it without a roundtrip on first paint. | Strictly necessary (functionality) |
cache:* | Stale-while-revalidate cache used by the portal to avoid authentication and data-loading races on page transitions. Stores non-sensitive, user-scoped UI data (e.g., your own list of phone numbers, your own scenarios) so the dashboard remains usable while a refresh request is in flight. Currently classified as functional and active by default for all signed-in users. You may clear it from your browser at any time, and you can request that we disable cache:* for your account by emailing [email protected]; we will honour the request within 5 business days. A richer in-product opt-out toggle is queued for a future release (v1.3). | Functional |
pending_invite | Holds an invite code while a new user completes the signup flow. | Strictly necessary (functionality) |
localStorage is not transmitted to our servers automatically — it lives in your browser. You can clear it from your browser's developer tools or site-data settings at any time.
Third-Party Cookies
CallPing does not embed third-party content that sets cookies on our domains beyond Paddle's hosted checkout, which is reached when you initiate a paid subscription from the in-app pricing or billing pages.
Paddle hosted-checkout cookies
When you click "Subscribe" or "Start free trial" on a CallPing pricing or billing page, you are redirected to a checkout flow hosted by Paddle.com Inc. ("Paddle"). Paddle sets first-party cookies on the checkout domain for:
- Payment-session continuity — keeping your in-progress checkout intact across page transitions.
- Fraud prevention — Paddle's anti-fraud signals, including device fingerprinting required by card networks for SCA (Strong Customer Authentication) under PSD2.
- PCI-DSS compliance — session-isolation controls that allow Paddle to operate as a PCI-DSS Level 1 service provider.
These cookies are strictly necessary to complete the payment and cannot be opted out of without the checkout failing. The exact cookie names, lifetimes, and scopes are controlled by Paddle and may change; Paddle's current cookie information is published at paddle.com/legal. Under Article 5(3) of the EU ePrivacy Directive and the UK Privacy and Electronic Communications Regulations (PECR), the requirement for prior consent applies to cookies set on the user's device by the entity operating that domain. Because Paddle's checkout is hosted on Paddle's own controlled domain and Paddle is an independent data controller for the checkout flow, Paddle's own consent and notice mechanisms govern those cookies; CallPing's cookie banner does not need to surface them as a separate consent category.
Paddle is an independent data controller for the payment data processed at checkout, including the cookies it sets on its own checkout domain. CallPing does not have access to Paddle's cookies, and Paddle does not have access to CallPing's authentication cookies. See the Privacy Policy §2.3 and §6 for the data-handling relationship.
If we add other third-party content in future
If we later embed any other third-party content (for example, an embedded support chat widget, a marketing-site analytics tool, or any tool that introduces tracking cookies), we will:
- Update this Cookie Policy to list the new cookies and their categories.
- Obtain your consent before any non-strictly-necessary cookies are set, where required by applicable law.
Cookie Notice and (Future) Consent
Today, the cookie banner is a notice, not a consent interaction. Because CallPing currently sets only strictly-necessary cookies (authentication) and a limited number of functional localStorage keys, no consent is required under the EU ePrivacy Directive or UK PECR. The banner explains what we set and why; you do not need to accept anything for the Service to work.
If you are located in Germany (TTDSG), France (CNIL strict ePrivacy interpretation), or another jurisdiction whose ePrivacy regulator does not classify functional localStorage caching as strictly necessary, you may request that we disable the cache:* localStorage entries for your account by emailing [email protected]; we will honour the request within 5 business days while a richer in-product toggle (queued for v1.3) ships.
When non-strictly-necessary cookies are introduced (e.g., analytics, marketing, or any non-essential third-party content), we will:
- Update this Policy to list the new cookies and their categories.
- Replace the notice banner with a real consent banner that lets you opt in or out per category, with consent recorded server-side under GDPR Art. 7(1) so we can demonstrate it on request.
- Notify active users by email or in-app notice before the new cookies are deployed, with a reasonable opportunity to review the change.
You can reopen the banner at any time from the "Cookie settings" link in the footer of any of our portals.
You can also manage cookies and localStorage directly through your browser settings. Most modern browsers let you:
- Block all cookies, or block third-party cookies only.
- Delete existing cookies for a specific site.
- Clear
localStoragefor a specific site.
Note that blocking strictly-necessary authentication cookies will sign you out of CallPing and prevent the Service from functioning.
Updates to This Policy
We may update this Cookie Policy when we add or remove cookies, change a cookie's purpose or lifetime, or in response to changes in applicable law. The "Last updated" date at the top of this page reflects the most recent revision.
Contact
For questions about this Cookie Policy, contact [email protected] or see the Contact page.