Cookie & Local Storage Policy
Effective Date: 1st March 2026
1. Our "No Bloat" Philosophy
xontax is a secure FinTech application. We strictly adhere to a "No Chrome, No Bloat" design principle. Therefore, we do not deploy third-party advertising cookies, tracking pixels, or invasive marketing analytics.
2. Strictly Necessary Cookies
The cookies and local storage mechanisms we use are mandatory for the security, authentication, and legal compliance of the platform. You cannot opt out of these while using xontax.
3. Detailed Breakdown of Usage
Clerk Authentication Tokens: Used to maintain your secure session, verify your identity upon login, and prevent unauthorized access to your financial dashboard. Duration: Session/Persistent (up to 7 days).
HMRC Fraud Prevention Headers (Gov-Client-Device-ID): To comply with HMRC Making Tax Digital regulations, we are legally required to generate and store a persistent UUID on your device. This, along with viewport dimensions and timezone data, is transmitted to HMRC with every API request to detect and prevent fraudulent tax submissions. Duration: Persistent.
UI State Tokens: We use local browser storage to remember your preferred dark/light mode (lib/ui-tokens.ts) and sidebar toggle states to ensure a seamless, non-scrolling desktop-app experience. Duration: Persistent.