Cookies policy.
Last updated · 19 May 2026 · v4.1
Whaliepay sets the smallest possible set of cookies needed to keep our merchants signed in to the console and to remember language preference. We do not run third-party advertising cookies. We do not embed Google Analytics, Meta Pixel or any cross-site tracker. Server-side privacy-preserving analytics (Plausible EU) records aggregated page views without cookies. This page lists every cookie we set, on which domain, for what purpose and for how long.
Article 1 · What is a cookie
A cookie is a small text file that a website asks your browser to store. It is sent back to the server with every subsequent request to that same domain. Cookies are commonly used for keeping a user signed in (a session cookie), for remembering preferences (a preference cookie), for tracking a user across sessions or sites (a tracking cookie), or for delivering personalised advertising (an advertising cookie). Whaliepay uses only the first two categories and never the latter two.
Article 2 · Strictly necessary cookies (cannot be disabled)
These cookies are required for the Whaliepay service to function. They cannot be switched off in our systems. You can block them in your browser, but the console will not work.
| Cookie name | Purpose | Lifetime | Domain |
|---|---|---|---|
wh_session | Keeps you signed in to the console. Contains a signed JWT — no personal data is stored in the cookie itself, only a session reference. | 12 hours (refreshable, up to 30 days) | console.whaliepay.com |
wh_csrf | Cross-site request forgery protection. Used on every state-changing API call from the console. | Session (closes with the browser tab) | console.whaliepay.com |
wh_sso | Tracks the SSO flow state during the redirect to your identity provider (Google, Microsoft, Okta). | 10 minutes | console.whaliepay.com |
wh_lang | Remembers your language choice (EN, FR, DE, ES, IT) so we don't ask again. | 1 year | whaliepay.com |
wh_theme | Remembers your dark-mode / light-mode preference, or "follow system". | 1 year | whaliepay.com |
wh_consent | Records that you have seen the cookie banner so we don't show it again. Contains the version number of the consent text. | 1 year | whaliepay.com |
Article 3 · Functional cookies (optional, opt-in)
The following cookies are only set if you actively interact with a feature that requires them.
| Cookie name | Purpose | Lifetime | Domain |
|---|---|---|---|
wh_demo_state | Set when you start the interactive routing demo on the homepage, to keep your demo state across page reloads. | 1 day | whaliepay.com |
wh_video_pos | Set if you play the embedded product video, to remember playback position and chosen quality on next visit. | 30 days | whaliepay.com |
wh_calc_input | Stores the values you typed into the ROI calculator on the pricing page, so a page refresh doesn't lose your input. | 7 days | whaliepay.com |
Article 4 · Analytics
Whaliepay uses Plausible Analytics (EU edition), a privacy-preserving analytics service that does not use cookies and does not collect personal data. Plausible records the URL of the page viewed, the referring URL if any, the browser family (Chrome / Firefox / Safari), the operating system family, the country (resolved from IP at request time then immediately discarded), and the device class (desktop / tablet / mobile). All of these are aggregated daily into statistics. No individual visitor can be re-identified. The IP address is never stored and never written to disk. Hosted by Plausible Insights B.V. in Frankfurt, Germany.
Because Plausible is cookieless, Whaliepay does not strictly need a cookie banner under the European ePrivacy Directive. We display one anyway because we prefer transparency over the legal minimum.
Article 5 · Third-party cookies
Whaliepay does not set any third-party cookies on its marketing site at whaliepay.com.
On the console at console.whaliepay.com, the only third-party cookies that may be set are those required by our identity provider when you sign in with SSO (Google, Microsoft, Okta). Those cookies are set on the IdP's own domain and are governed by the IdP's own cookies policy. Whaliepay never reads or writes those cookies. Similarly, our PSP partner consoles (Stripe Dashboard, Adyen CA, etc.) may be opened from inside Whaliepay via deep links — those open as separate browser tabs on the PSP's own domain.
Article 6 · Managing your cookies
You can manage cookies through your browser settings. Most browsers accept cookies by default but allow you to refuse all, refuse third-party, or refuse from specific sites.
If you block wh_session or wh_csrf you will not be able to sign in to the console. All other cookies can be blocked without losing access to the public site.
Article 7 · Do Not Track and Global Privacy Control
Whaliepay honours the Do Not Track header and the Global Privacy Control signal. When either is enabled, no functional cookie is set; only the strictly-necessary cookies (session, CSRF, language, theme, consent acknowledgement) remain.
Article 8 · Changes to this policy
We update this policy whenever the set of cookies changes. Each material change is announced 30 days in advance by email to all active merchants and by a banner on the marketing site. The "Last updated" date at the top of this document reflects the current version. Previous versions are archived and available on request from [email protected].
Article 9 · Contact
For any cookies question, write to [email protected]. To exercise your data protection rights more broadly, see our privacy policy and contact our Data Protection Officer at [email protected].
— Whaliepay LLC, Amsterdam · Lyon · Berlin, 19 May 2026.