Notabot Cookie Policy for Website Visitors

Last updated: 4 May 2026

Website: https://notabot.srcabc.com/

Controller / Website operator: Kenyeres László, sole entrepreneur

Tax number: 57473804-1-42

Sole entrepreneur registration number: 56102710

Registered seat: 1107 Budapest, Szárnyas utca 10/C, Hungary

Contact: [email protected]

This Cookie Policy applies to visitors of the public Notabot website at https://notabot.srcabc.com/. It explains how cookies, similar technologies, browser storage and security-related network technologies may be used when you visit the website.

This is a visitor-facing cookie policy. It is separate from the Notabot Terms of Service, Privacy Policy and customer Data Processing Addendum.

1. What are cookies and similar technologies?

Cookies are small text files placed on your device by a website or by services used by that website. They can help a website work securely, remember your preferences, maintain sessions, protect against abuse, measure usage, or support marketing.

Similar technologies may include:

  • local storage;
  • session storage;
  • browser identifiers;
  • server logs;
  • security challenge tokens;
  • consent-management records;
  • content delivery and anti-abuse identifiers.

For simplicity, this policy refers to these technologies collectively as "cookies" unless the context requires otherwise.

2. Who is responsible for cookies on this website?

For cookies and similar technologies used on https://notabot.srcabc.com/, the website operator is:

Kenyeres László

Sole entrepreneur

Registered seat: 1107 Budapest, Szárnyas utca 10/C, Hungary

Tax number: 57473804-1-42

Sole entrepreneur registration number: 56102710

Contact: [email protected]

Where a third-party service provider processes personal data on our behalf, it acts as a processor or sub-processor under the applicable contract or data processing terms. In some limited cases, a third-party provider may also act as an independent controller for its own legally permitted purposes, as described in its own privacy documentation.

3. Summary of our cookie approach

Notabot is intended to be a privacy-conscious security service. Our baseline approach is:

  1. Strictly necessary cookies and security technologies may be used without consent where they are required to provide the website, protect it from abuse, maintain security, or remember your cookie choices.
  2. Analytics cookies are not currently used on the public website. If analytics are added later and are not strictly necessary, they will require prior consent.
  3. Marketing or advertising cookies are not currently used on the public website. If marketing cookies are introduced, they will be clearly disclosed and enabled only after consent.
  4. You can change or withdraw your cookie choices at any time using your browser settings. If optional cookies are introduced later, we will also provide an appropriate cookie settings mechanism.

4. Cookie categories

4.1 Strictly necessary cookies

These cookies are required for the website to work securely and reliably. They may be used for:

  • website security;
  • abuse prevention;
  • bot and malicious traffic mitigation;
  • session handling;
  • load balancing;
  • remembering your privacy choices;
  • protecting login or registration flows;
  • ensuring the website can be delivered through Cloudflare.

These cookies do not require your consent under EU cookie rules when they are strictly necessary for a service you request or for website security. They should not be used for analytics, profiling or advertising.

4.2 Preference cookies

Preference cookies may remember choices such as language, cookie settings or display preferences.

If these are strictly limited to remembering your requested settings, they may be treated as necessary or preference cookies depending on their function. If they are not essential, they will be used only where permitted by law or after consent.

4.3 Analytics cookies

Analytics cookies help us understand how visitors use the website, for example which pages are visited and whether technical errors occur.

At the date of this policy, Notabot does not use analytics cookies on the public website.

If analytics tools are added later, this policy and the cookie banner must be updated before deployment.

4.4 Marketing cookies

Marketing cookies are used for advertising, retargeting, behavioural profiling or measuring advertising campaigns.

At the date of this policy, Notabot does not use marketing cookies on the public website. If marketing cookies are introduced, they must be disabled by default and activated only after explicit consent.

5. Cloudflare and security cookies

The Notabot website is served behind Cloudflare, which may process technical data such as IP address, request metadata, security signals and browser/device information to deliver, protect and optimize the website.

Cloudflare may set cookies or similar identifiers that are necessary for security, bot mitigation, traffic routing, rate limiting, load balancing or challenge verification. The exact cookies depend on the Cloudflare features enabled at a given time.

Cloudflare may process personal data as a processor or sub-processor for the website operator when providing its services, according to Cloudflare's Data Processing Addendum and related terms.

5.1 Cloudflare cookies that may appear

The following Cloudflare cookies may be set depending on configuration. Not all of them will necessarily appear for every visitor.

Cookie / identifier Provider Typical purpose Typical duration Category
__cf_bm Cloudflare Bot management and malicious traffic mitigation. Helps distinguish legitimate traffic from automated traffic. Usually up to 30 minutes of inactivity Strictly necessary / security
cf_clearance Cloudflare Stores proof that a visitor passed a Cloudflare challenge or JavaScript detection. Varies by configuration Strictly necessary / security
__cfseq Cloudflare May support Cloudflare sequence rules by tracking request order and timing for security rules. Varies by configuration Strictly necessary / security
_cfuvid Cloudflare May be used for rate limiting or identifying traffic patterns for security controls. Usually session-based Strictly necessary / security
__cflb Cloudflare Load balancing / session affinity, used to route a visitor to the same origin server where enabled. From seconds up to 24 hours Strictly necessary / load balancing

These cookies are used for website security and availability. They are not intended for advertising or cross-site behavioural profiling by Notabot.

6. Cookies and technologies used by Notabot itself

At the date of this policy, the production website uses one first-party Notabot cookie. In a logged-in developer session, the browser should still show only this Notabot cookie unless Cloudflare or a future optional service sets an additional cookie.

Name Provider Purpose Duration Category Consent required?
_tpac_web_key Notabot Maintains the Phoenix session, including CSRF protection and, when you log in to the developer area, the authenticated developer session state. Session cookie, deleted when the browser session ends Strictly necessary / session / security No
None currently used Notabot Analytics cookies are not currently used on the public website. Not applicable Analytics Yes, if introduced later and not consent-exempt
None currently used Notabot Marketing, advertising and retargeting cookies are not currently used on the public website. Not applicable Marketing Yes, if introduced later and not consent-exempt

Current observed cookie inventory:

A logged-in browser check on notabot.srcabc.com showed one Notabot cookie: _tpac_web_key with path /, HttpOnly, Secure, SameSite=Lax, host-only scope and session duration.

7. Legal basis under GDPR

Where cookies involve personal data, we rely on the following legal bases under the GDPR:

Cookie category GDPR legal basis
Strictly necessary / security cookies Legitimate interests in operating, securing and protecting the website, and/or performance of a requested service
Session and authentication cookies Performance of a contract or steps prior to entering into a contract, and legitimate interests in security
Cookie consent records Not currently used because the public website does not currently set optional analytics or marketing cookies
Analytics cookies Consent, unless configured in a way that is legally exempt from consent
Marketing cookies Consent

For cookies that require consent, consent must be given before the cookie is placed, and visitors must be able to withdraw consent as easily as they gave it.

8. Cookie consent choices

The public website currently uses only strictly necessary cookies. Because no optional analytics or marketing cookies are currently used, there is currently no cookie banner or cookie settings panel for optional cookie categories.

If optional cookies are introduced later, Notabot will ask for your consent before setting them where legally required. The cookie banner should then provide at least the following options:

  • Accept all
  • Reject non-essential
  • Customize settings

The customization panel should allow separate choices for:

  • Necessary cookies — always active;
  • Analytics cookies — optional;
  • Marketing cookies — optional.

Consent should not be bundled into registration, login, payment or use of the website. Refusing non-essential cookies should not prevent access to the basic website.

9. How to change or withdraw consent

Because optional cookies are not currently used, there is currently no optional cookie consent to withdraw. You can still control cookies at browser level by:

  1. clearing cookies in your browser;
  2. blocking or deleting cookies through your browser settings.

If optional cookies are introduced later, Notabot will provide a way to change or withdraw optional cookie consent. Strictly necessary security and session cookies may still be used.

10. Browser-level controls

Most browsers allow you to:

  • view cookies;
  • delete cookies;
  • block cookies from specific websites;
  • block third-party cookies;
  • clear local storage and session storage;
  • use private browsing modes.

Blocking all cookies may affect security, login, registration, payment flows, or Cloudflare security checks.

11. Payments and Stripe

Payment functionality is planned to be provided by Stripe. Stripe may use cookies or similar technologies when you interact with payment pages, checkout, fraud prevention or billing workflows.

Where Stripe-hosted payment pages or Stripe scripts are used, Stripe may set its own cookies for:

  • payment processing;
  • fraud prevention;
  • checkout security;
  • regulatory compliance;
  • payment session continuity.

Before enabling Stripe in production, this Cookie Policy and the cookie banner must be updated to include the exact Stripe cookies and technologies used in the selected integration mode.

12. Hosting and infrastructure

The website is hosted using Contabo infrastructure with a Germany-based hosting location, according to the current deployment information provided by the operator. Cloudflare is used in front of the website as a content delivery, DNS, security and traffic protection layer.

Infrastructure logs may include:

  • IP address;
  • request time;
  • requested URL;
  • HTTP status code;
  • user-agent;
  • referrer;
  • security events;
  • Cloudflare request identifiers;
  • rate-limiting or firewall events.

These logs are used for security, debugging, abuse prevention and service reliability.

13. International data transfers

Because Cloudflare and Stripe are international service providers, personal data may be processed outside the European Economic Area in certain circumstances.

Where international transfers occur, we rely on appropriate safeguards such as:

  • EU Standard Contractual Clauses;
  • Data Processing Addenda;
  • adequacy decisions where applicable;
  • technical and organizational security measures;
  • provider-specific transfer safeguards.

14. Retention

Cookie retention depends on the cookie type and provider.

Data / cookie type Typical retention
Session cookies Until browser session ends or configured session expiry
Cloudflare __cf_bm Usually up to 30 minutes of inactivity
Cloudflare __cflb Seconds to 24 hours, depending on configuration
Cookie consent record Not currently used
Security logs Kept only as long as necessary for security, debugging, abuse prevention and service reliability
Analytics data Not currently used
Marketing data Not currently used

Retention periods must be reviewed periodically and kept no longer than necessary.

15. Your rights

Where cookies or related technologies involve personal data, you may have rights under GDPR, including the right to:

  • access your personal data;
  • request correction;
  • request deletion;
  • object to processing based on legitimate interests;
  • restrict processing;
  • withdraw consent;
  • lodge a complaint with a supervisory authority.

Hungarian supervisory authority:

Nemzeti Adatvédelmi és Információszabadság Hatóság (NAIH)

Website: https://naih.hu/

16. Changes to this Cookie Policy

We may update this Cookie Policy when:

  • the website changes;
  • Cloudflare, Stripe or other service providers change;
  • analytics or marketing tools are added or removed;
  • applicable law or regulatory guidance changes;
  • our cookie banner or consent management tool changes.

The latest version will be published on this page with the "Last updated" date.