Cookie Policy
Last updated: May 17, 2026 · FANARI OÜ (registration code 16648170)
In short: we use only essential cookies. No tracking, no advertising, no third-party analytics.
BalticLeads is a B2B SaaS — we don't make money from selling your data or showing ads. The cookies below are strictly necessary for the service to function (login session, security, language preference). Under EU ePrivacy Directive Art. 5(3), strictly necessary cookies don't require prior consent.
1. What Are Cookies
Cookies are small text files stored by your browser when you visit a website. They allow the site to remember information about you (e.g. that you're logged in) between page loads. We also use similar local storage technology (localStorage) for client-side preferences.
2. Cookies We Use
2.1 Strictly Necessary (no consent required)
| Name | Purpose | Type | Retention |
|---|---|---|---|
session | Flask session token — keeps you logged in between page loads. Server-side, HttpOnly, Secure, SameSite=Lax. | First-party | Session (until browser close) or until logout |
csrf_token | CSRF protection token — prevents cross-site request forgery attacks on forms. Required for POST/PUT/DELETE requests. | First-party | Session |
bl_lang (localStorage) | Stores your preferred UI language (en/et/ru/lv/lt) so we render the right translation on next visit. | First-party | 1 year |
bl_theme (localStorage) | Stores your theme preference (light/dark) for UI rendering. | First-party | 1 year |
bl_cookie_ack (localStorage) | Remembers that you've seen the cookie notice so we don't show it again on every page. | First-party | 1 year |
__Host-stripe_* (only on payment pages) | Stripe's own cookies used during the secure checkout flow. Set by Stripe's iframe, not by us. | Third-party (Stripe) | Session |
2.2 Cookies We DON'T Use
- No Google Analytics — we use server-side logs only, no client-side tracking pixels
- No Facebook Pixel or any social-media tracking
- No advertising cookies — we don't run ads on the platform
- No third-party A/B testing tools like Hotjar, Fullstory, Optimizely
- No data brokers or audience syndication
3. Managing Cookies
Since all cookies we use are strictly necessary for the service to function, disabling them in your browser will prevent the platform from working. Specifically:
- Disabling the
sessioncookie — you won't be able to log in - Disabling
csrf_token— forms won't submit (security blocks) - Disabling localStorage — language preference resets on every visit, theme always defaults
You can manage cookies in your browser settings: Chrome · Firefox · Safari · Edge.
4. If We Add Tracking Later
If we ever introduce analytics, advertising, or third-party tracking cookies, we will update this policy AND present you with a granular consent dialog (accept-all / reject-all / category-by-category) before any such cookie is set. We will respect your choice and not load any non-essential script until you've explicitly opted in. This commitment is required by EU ePrivacy Directive Art. 5(3) and the EDPB's 2023 cookie guidance.
5. Contact
Questions about cookies or this policy: info@balticleads.ee. Lead supervisory authority: Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon).
Related: Privacy Policy · Terms of Service · Imprint · Refund Policy