Cookie Policy
Last updated: May 2026 · Effective immediately
1. What are cookies?
Cookies are small text files placed on your device when you visit a website. They help us recognize your device, remember your preferences, and provide a secure, seamless experience. We also use similar technologies such as local storage, session storage, and device fingerprinting for fraud prevention.
2. How we use cookies
• Essential / Strictly Necessary. Required for authentication, session management, and security. These cannot be disabled.• Functional. Remember your preferences (e.g., language, dark mode, navigation state) and workspace settings.• Analytics. Help us understand how contractors and project managers use Nexus so we can improve workflows, loading speed, and feature discoverability. We use privacy-preserving, aggregate metrics.• Fraud prevention. Detect suspicious login patterns and protect financial data orchestrated through the platform.
3. Categories of cookies we set
• Auth tokens — Stored in httpOnly, secure cookies or localStorage (depending on your SSO setup) to keep you signed in.• Session cookies — Temporary cookies that expire when you close your browser, used for CSRF protection and short-lived state.• Preference cookies — Theme, sidebar collapse state, and notification settings.• Analytics cookies — Anonymous usage telemetry; we do not track across third-party sites.
4. Third-party cookies
We do not sell ad space or behavioral data. The only third-party cookies on Nexus are from:• Stripe — Fraud detection and secure checkout processing.• Plaid — When you connect a financial institution via Plaid Link, Plaid may set cookies subject to their own policy. See the Plaid End User Privacy Policy.• Procore / QuickBooks / other integrations — OAuth flows to these services may involve their own cookie policies when you are redirected to authorize.
5. Managing your cookie preferences
You can manage cookies through your browser settings. Disabling essential cookies will prevent sign-in and secure access to project data. For non-essential cookies, you may adjust preferences in Settings → Privacy within the app.
6. Cookie retention
Authentication cookies expire with your session or within 30 days (refresh tokens). Preference cookies persist until you clear them. Analytics data is retained for 90 days in aggregate form.
7. Contact
For cookie-related questions, contact privacy@billslash.app.