Cookie & Local Storage Policy
1. Overview
Arcova OS is a business-to-business (B2B) SaaS security workforce management platform operated by CT Software, LLC (dba Arcova / Arcova OS). This policy explains how we use cookies, local storage, and similar technologies within the Arcova OS application.
Important
Arcova is a web application, not a content or marketing website. We use only strictly necessary cookies and local storage required for the application to function. We do not use:
- Advertising or retargeting cookies
- Analytics or tracking cookies (such as Google Analytics)
- Third-party tracking pixels or beacons
- Social media tracking cookies
- Cross-site tracking of any kind
2. Essential Cookies
The following cookies are strictly necessary for the Arcova OS application to function and cannot be disabled without breaking core functionality.
2.1 Application Cookies
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
arcova_session | Encrypted session identifier. Maintains your authenticated session with the application. | Session (expires on browser close or after 120 minutes of inactivity) | Strictly necessary |
XSRF-TOKEN | Cross-Site Request Forgery protection token. Prevents unauthorized third parties from submitting requests on your behalf. | Session | Strictly necessary |
remember_web_* | Persistent login token. Set only if you select "Remember Me" during sign-in. Allows you to remain signed in across browser sessions. | 30 days | Strictly necessary |
2.2 Stripe Payment Cookies
When you interact with payment forms within Arcova (e.g., entering payment method details or processing invoices), Stripe, Inc. may set cookies necessary for secure payment processing and fraud prevention. These cookies are set directly by Stripe and are governed by Stripe's Cookie Policy. Arcova does not control or have access to these cookies.
3. Local Storage and Service Workers
Arcova uses browser local storage and service workers to support application functionality, particularly for the progressive web app (PWA) experience on mobile devices.
3.1 Service Worker Cache
| Storage | Purpose | Duration |
|---|---|---|
| Service worker cache | Caches static application assets (JavaScript, CSS, images) to enable faster load times and limited offline functionality. | Persists until manually cleared or updated by a new application deployment |
3.2 Offline Queue Storage
| Storage | Purpose | Duration |
|---|---|---|
offline_clock_actions | Stores pending clock-in/clock-out actions when a guard's device temporarily loses connectivity. Automatically synced when connectivity is restored. | Until successfully synced |
offline_reports | Stores pending incident reports and daily activity reports created while offline. | Until successfully synced |
offline_sync_queue | General queue for pending data synchronization items. | Until successfully synced |
3.3 Session and Application State
| Storage | Purpose | Duration |
|---|---|---|
| Session storage | Maintains temporary application state within a browser tab (e.g., form drafts, navigation context). Cleared when the tab is closed. | Browser tab session |
| Secure token storage | Stores encrypted authentication tokens for the mobile app experience. | Until logout or token expiry (7 days) |
4. Third-Party Technologies
4.1 Stripe
As described in Section 2.2, Stripe may set cookies during payment processing flows. These are limited to payment and fraud detection purposes.
4.2 Google Maps
If map-based features are enabled for your organization (e.g., patrol route visualization, GPS tracking maps), Google Maps may set cookies or use local storage in accordance with Google's Privacy Policy. These are loaded only when map features are actively used.
4.3 Push Notifications
If you opt in to push notifications, your browser stores a push notification subscription endpoint. This endpoint is used solely to deliver notifications you have opted into (e.g., shift reminders, incident alerts). No tracking or analytics data is transmitted through push notifications.
5. Why We Do Not Display a Cookie Consent Banner
Arcova uses only strictly necessary cookies and local storage required for the authenticated application to function. Under most privacy frameworks, including:
- EU ePrivacy Directive (Article 5(3)) and GDPR — Consent is not required for cookies that are "strictly necessary" for providing an information society service explicitly requested by the user.
- UK PECR — Exempt from consent requirements for cookies "strictly necessary" for the service.
- California (CCPA/CPRA) — Does not require consent banners for cookies, and Arcova does not "sell" or "share" personal information via cookies.
Since Arcova does not use any marketing, analytics, or tracking cookies, a consent banner is not legally required. This policy is provided for transparency.
6. How to Control Cookies and Local Storage
6.1 Browser Cookie Settings
You can manage cookies through your browser settings. Instructions for common browsers:
- Chrome: Settings > Privacy and Security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Settings > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions > Cookies and data stored
Note: Disabling or blocking essential cookies will prevent you from signing in to and using the Arcova OS application.
6.2 Clearing Local Storage
To clear local storage and service worker data:
- Chrome: Developer Tools (F12) > Application tab > Storage > Clear site data
- Firefox: Developer Tools (F12) > Storage tab > Local Storage > right-click > Delete All
- Safari: Developer Tools > Storage tab > Clear Web Data
- Edge: Developer Tools (F12) > Application tab > Storage > Clear site data
Note: Clearing local storage will remove any pending offline actions (clock events, reports) that have not yet been synced. Ensure your device has connectivity and all pending items have synced before clearing storage.
6.3 Unregistering Service Workers
To remove the service worker:
- Navigate to your browser's service worker management page (e.g.,
chrome://serviceworker-internals/in Chrome) - Find the Arcova OS entry and click "Unregister"
Alternatively, clearing all site data as described in Section 6.2 will also remove the service worker.
7. Changes to This Policy
We may update this policy from time to time to reflect changes in technology, legal requirements, or our practices. Material changes will be communicated through the Arcova OS application. The "Last Updated" date at the top of this policy indicates when it was most recently revised.
8. Contact
If you have questions about this Cookie and Local Storage Policy:
CT Software, LLC (dba Arcova / Arcova OS)
Privacy: [email protected]
Support: [email protected]
Legal: [email protected]