Cookie policy
Effective date: April 12, 2026.
This Cookie Policy explains how KupaLabs FZCO (incorporated under the Dubai Integrated Economic Zones Authority (DIEZA), Building A1, Dubai Digital Park, Dubai Silicon Oasis, Dubai, United Arab Emirates), operator of the DiffHook service ("DiffHook," "we," "us"), uses cookies and similar technologies (collectively "cookies") on our website and web application at diffhook.com (the "Service"). It supplements our Privacy Policy.
1. What are cookies
Cookies are small text files placed on your device by a website to store information. We also use browser localStorage and sessionStorage (collectively referred to as "local storage") for similar purposes. These technologies serve functions such as keeping you logged in, remembering your preferences, and understanding how the Service is used.
2. Cookie categories we use
We use two categories of cookies and local storage items on the Service:
Strictly necessary
These cookies and local storage entries are essential for the Service to function. Without them, core features such as authentication and security cannot operate. They are deployed without requiring your consent under the ePrivacy Directive and equivalent laws.
| Name / Key | Technology | Purpose | Duration |
|---|---|---|---|
dh-token-{teamId} |
localStorage | Stores your authentication token for the active workspace. Required to stay logged in. | Until sign-out or token expiry |
dh-last-team |
localStorage | Remembers your most recently accessed team so the app can redirect you after login. | Persistent |
dh-theme |
localStorage | Stores your light/dark mode preference. | Persistent |
dh-code-lang |
localStorage | Remembers your preferred language and HTTP client for API code samples (e.g. shell:curl, python:requests). |
Persistent |
dh-cookie-consent |
localStorage | Stores your cookie choices (including policy version) so we don’t show the banner on every visit. | Persistent |
| CSRF token (session) | sessionStorage | Protects form submissions against cross-site request forgery. | Session |
Strictly necessary cookies cannot be disabled through this banner. You can delete them via your browser settings or by signing out of your account, but doing so will end your session.
Analytics
These cookies help us understand how visitors interact with the Service — which pages are visited and how features are used. The data is used in aggregate to improve the product.
We use Google Analytics 4 (“GA4”), provided by Google LLC (or, where applicable, Google Ireland Limited), via Google’s gtag.js tag. DiffHook implements GA4 Consent Mode v2, which means the GA4 script loads on every visit but operates in one of two modes depending on your choice:
Before you decide, or if you decline Analytics (analytics_storage: denied): GA4 sends anonymised, cookieless pings to Google. No _ga, _gid, or other GA4 cookies are written to your device. Google uses these cookieless signals for aggregate conversion modelling only; no personal profile is built and no cross-site tracking occurs.
If you accept Analytics (analytics_storage: granted): Full GA4 measurement is enabled. GA4 may then set cookies such as _ga (up to 24 months) and _gid (24 hours) to distinguish visitors and sessions and provide accurate usage statistics.
GA4 is configured for measurement and product insight only — not for advertising personalisation through DiffHook. For how Google uses data when you use sites or apps that use Google services, see Google’s Privacy Policy and Google’s information about GA4 and cookies.
| Provider | Technology | Consent state | What is sent | Cookies set |
|---|---|---|---|---|
| Google (Analytics) | GA4 / gtag.js |
Denied (default) | Anonymised, cookieless modelling pings | None |
| Google (Analytics) | GA4 / gtag.js |
Granted | Full analytics measurement | _ga (24 mo), _gid (24 h), _gat (1 min) |
You can change your Analytics choice at any time using the Cookie preferences link in the site footer. If you withdraw consent, we immediately signal analytics_storage: denied to GA4 and delete any GA4 cookies currently on your device. GA4 will not write new cookies until you grant consent again.
3. Third-party cookies
Google (Analytics). The GA4 script loads on every visit (see Section 2). When Analytics consent is denied, Google receives only anonymised, cookieless modelling pings — no cookies are set and no personal data is sent. When Analytics consent is granted, Google may set _ga, _gid, and related cookies as described in Section 2.
Stripe. When you access the billing section of the Service, Stripe, Inc. may set cookies or use browser storage for fraud prevention and payment processing purposes. These are governed by Stripe's Cookie Policy. We do not control Stripe's cookie practices; however, Stripe cookies are only active on pages where payment functionality is loaded.
No third-party advertising, retargeting, or social media tracking cookies are set by DiffHook beyond the vendors above.
4. Managing your preferences
Via our banner. On your first visit, a cookie consent banner will appear offering you the choice to accept all cookies, reject non-essential cookies, or manage individual categories. Your choice is saved and respected on subsequent visits.
Via the footer link. At any time you can revisit your preferences by clicking Cookie preferences in the site footer. This reopens the preference panel, allowing you to change or withdraw consent.
Via your browser. All major browsers allow you to view, block, or delete cookies and clear local storage:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Settings → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
Please note that blocking strictly necessary cookies will prevent you from using core features of the Service, including logging in.
Do Not Track. Some browsers send a "Do Not Track" (DNT) signal. DiffHook does not currently respond to DNT signals because there is no universally accepted standard for what DNT should mean for web applications. You can control analytics tracking directly through our consent banner regardless of your DNT setting.
5. Consent and lawful basis
Under the EU ePrivacy Directive (as implemented in national law, including the UK Privacy and Electronic Communications Regulations), strictly necessary cookies do not require consent. All other cookies require freely given, specific, informed, and unambiguous prior consent.
For analytics, we implement GA4 Consent Mode v2 as described in Section 2. The GA4 script itself loads on every visit as part of the page infrastructure, but no analytics cookies are set and no personally identifiable data is sent to Google until you grant consent. The cookieless modelling pings sent before consent do not constitute cookie-based tracking and do not identify you individually.
Consent is recorded with a timestamp and the version of this policy in force at the time. When we make material changes to our cookie practices, we will reset the consent flag and ask for your choice again.
6. Changes to this policy
We may update this Cookie Policy to reflect changes in our cookie practices, technology, or legal requirements. Material changes will prompt a new consent request. The effective date above reflects the most recent revision.
7. Contact
For questions about our use of cookies, contact us at support@diffhook.com or visit Support.