Cookie Policy

Effective date: 28 June 2026 Last reviewed: 28 June 2026

This Cookie Policy explains how DORIXÉ uses cookies and similar technologies (collectively, "cookies") on our websites, web applications, and related services (the "Platform"). It applies to all visitors and users worldwide, including those in the European Union / European Economic Area (EU/EEA), the United Kingdom, and the United States.

This Cookie Policy forms part of, and should be read together with, our Privacy Policy and our Terms of Service. Where this policy describes how we obtain and act on your consent, it reflects the requirements of the EU ePrivacy rules (Article 5(3) of Directive 2002/58/EC as implemented nationally, including Germany's TDDDG/TTDSG), the EU General Data Protection Regulation (GDPR), and, for U.S. residents, the California Consumer Privacy Act as amended by the CPRA and comparable state laws (Colorado, Virginia, Connecticut, and others).


1. Who we are

The Platform is operated by DORIXÉ, an eco-friendly home and office cleaning marketplace that connects clients with independent cleaning professionals. DORIXÉ is the party responsible (the "controller" under GDPR, and the "business" under U.S. state privacy laws) for the cookies set under its own domains.

  • Legal entity: DORIXÉ is operated by its founder. The business will complete its registration before the service begins operating to the public; the full registered entity name and legal form will be published here at that time.
  • Registered / principal address: DORIXÉ's postal contact address will be published here as part of completing registration before public launch; in the meantime, the email addresses below are monitored and are the fastest way to reach us.
  • Registration / VAT number: DORIXÉ's commercial-register entry and number will be published here once registration is completed, before the service begins operating.
  • Privacy / cookies contact: privacy@dorixé.com
  • Data Protection Officer / EU representative (Art. 27 GDPR), if appointed: No DPO is appointed (not required under Art. 37 GDPR), and no Art. 27 EU representative is required because the controller is established in Germany (the EU). Privacy contact: privacy@dorixé.com.

DORIXÉ is an intermediary platform only. It is not the employer of, and does not itself perform cleaning through, the independent cleaning professionals ("Cleaners") who use the Platform. This Cookie Policy concerns the cookies DORIXÉ sets on its own digital properties; third-party websites you reach through our links (including Eco-store affiliate links) set their own cookies under their own policies (see Section 8).


2. What are cookies and similar technologies?

Cookies are small text files placed on your device (computer, phone, or tablet) when you visit a website. They let a site recognise your device, remember your preferences, keep you signed in, secure your session, and understand how the site is used.

We use the term "cookies" broadly in this policy to also cover similar technologies that store or read information on your device, such as:

  • Local storage / session storage — data stored in your browser (for example, we store your cookie-consent choice in your browser's local storage under the key dorix_cookie_consent).
  • Pixels / tags / SDKs — small pieces of code used for analytics or, where applicable, marketing and affiliate attribution.
  • Device or identifier-based storage used by our payment, security, and analytics providers.

Cookies may be:

  • First-party — set by DORIXÉ under our own domain; or
  • Third-party — set by a service provider (subprocessor) acting on our behalf, or by a third party whose content or link you interact with.

They may also be:

  • Session cookies — deleted when you close your browser; or
  • Persistent cookies — remaining on your device until they expire or you delete them.

3. The categories of cookies we use

We group cookies into the categories below. Strictly necessary cookies are always active because the Platform cannot function without them and no consent is required for them under the ePrivacy rules. All other categories are non-essential and are loaded only with your consent (in the EU/EEA/UK) or subject to your right to opt out (in the United States). See Section 5 for how consent and opt-out work, and Section 6 for the detailed cookie table.

3.1 Strictly necessary cookies

Required to provide the Platform, keep it secure, and deliver services you actively request — for example, authentication and session management, fraud prevention on payments, load balancing, and remembering your cookie-consent choice. These cannot be switched off through our consent tools.

3.2 Analytics cookies (non-essential)

Help us understand how visitors use the Platform — which pages are viewed, how people navigate, and where issues occur — so we can improve it. We use a privacy-conscious analytics provider (Umami). Analytics is non-essential and is loaded only after you opt in. If you do not consent (or you decline / withdraw consent, or you send a recognised opt-out signal), our analytics script is not loaded and no analytics identifiers are set.

3.3 Marketing and affiliate / referral cookies (non-essential)

Used to attribute referrals through our affiliate and referral program (for example, recognising that you arrived via a referral code or an affiliate/influencer link so that a referral commission can be correctly credited) and, where we run them, to measure marketing campaigns. These are non-essential and are loaded only with your consent. Outbound affiliate links in our Eco-store may cause the destination merchant to set its own cookies — see Section 8.

We do not classify analytics or affiliate/marketing technologies as "essential." Labelling non-essential tracking as essential to avoid offering a real choice is not permitted, and we do not do it.

4. Why this matters — legal basis and your control

  • EU/EEA/UK (ePrivacy + GDPR): Storing or reading any non-essential information on your device requires your prior, specific, informed, and freely given consent. Strictly necessary cookies rely on the legal basis that they are essential to provide a service you requested. Where a cookie also involves processing personal data, our lawful bases are set out in our Privacy Policy.
  • United States (CCPA/CPRA and similar): We do not require opt-in consent for most cookies, but you have the right to opt out of any "sale" or "sharing" of personal information for cross-context behavioural advertising and to limit the use of sensitive personal information. We honour recognised browser opt-out signals (see Section 5.3).

You are never required to accept non-essential cookies in order to use the core Platform.


5. How to manage your cookie choices

5.1 Our consent banner and "Cookie settings"

When you first visit, we present a cookie banner before any non-essential cookie is set. The banner offers, with equal prominence and no pre-ticked boxes:

  • Accept all — enables analytics and marketing/affiliate cookies;
  • Reject all — keeps only strictly necessary cookies (as easy to choose as "Accept all"); and
  • Manage preferences — lets you turn individual non-essential categories (Analytics, Marketing/Affiliate) on or off.

Your choice is recorded with a timestamp and a consent version so we can demonstrate the choice you made. Non-essential scripts are not loaded until you have opted in, and choosing "Reject all" (or not choosing) means they are not loaded at all.

You can change or withdraw your choice at any time using the persistent "Cookie settings" link in our website footer, which re-opens the preference manager. Withdrawing consent is as easy as giving it; withdrawal takes effect going forward and does not affect processing that already took place.

5.2 Your browser

You can also block or delete cookies through your browser settings. Most browsers let you refuse some or all cookies, delete existing ones, and warn you before new ones are set. Blocking strictly necessary cookies may stop parts of the Platform (such as sign-in or checkout) from working. Browser help pages explain how to do this for Chrome, Safari, Firefox, and Edge.

5.3 Global Privacy Control and "Do Not Sell or Share" (U.S.)

For U.S. residents, we treat a recognised Global Privacy Control (GPC) browser signal as a valid request to opt out of any sale/sharing of personal information for cross-context behavioural advertising and to limit non-essential trackers. We also provide, where applicable, a "Do Not Sell or Share My Personal Information" and a "Limit the Use of My Sensitive Personal Information" control. To the extent DORIXÉ does not sell or share personal information, we say so in our Privacy Policy; where any sharing could occur through trackers, opting out (including via GPC or "Reject all") suppresses it.


6. Detailed cookie and similar-technology table

The table below lists the cookies and similar technologies the Platform may use. Specific names, providers, and durations set by third-party providers can change; we maintain this list and update it when material changes occur. Third-party providers process data under their own policies, and several are located in or transfer data to the United States — see Section 7 and our Privacy Policy for transfer safeguards.

Strictly necessary (always active — no consent required)

Name / identifierProviderPurposeDurationParty
__clerk_session / __client and related auth cookiesClerk (authentication)Keeps you securely signed in and manages your sessionSession / up to ~1 yearThird-party (first-party context)
__stripe_mid, __stripe_sidStripe (payments)Fraud prevention and secure payment/checkout, including identity-verification and Connect flows__stripe_sid ~30 min; __stripe_mid ~1 yearThird-party
dorix_cookie_consent (browser local storage)DORIXÉStores your cookie-consent choices, timestamp, and version~1 year / until clearedFirst-party
Session / security cookies (e.g. CSRF, load balancing, locale, real-time connection state for Pusher)DORIXÉ / PusherCore security, language preference, and live updates (e.g. messaging/booking status)Session to ~1 yearFirst-/third-party

Analytics (non-essential — loaded only after opt-in)

Name / identifierProviderPurposeDurationParty
Umami analytics identifier(s) / local storageUmami (analytics)Privacy-conscious, aggregated usage statistics (pages viewed, navigation, performance)Session / short-livedThird-party (first-party proxy via /_a)
Note: even in a "cookieless" or anonymised configuration, our analytics still reads from/writes to your device, so we treat it as non-essential and gate it on your consent.

Marketing and affiliate / referral (non-essential — loaded only with consent)

Name / identifierProviderPurposeDurationParty
Referral / affiliate attribution identifier (e.g. referral code, attribution cookie)DORIXÉ / affiliate toolingAttributes a referred booking to the correct affiliate or referring user for commission, within the stated attribution windowUp to the attribution window lifetime attribution (a referred user remains attributed to the referrer for the life of their account)First-/third-party
Eco-store outbound affiliate cookiesThird-party merchantsSet by the destination merchant when you follow an affiliate link; used by the merchant to attribute a purchasePer the merchant's policyThird-party

We do not run, at the date of this policy, third-party advertising or behavioural ad-targeting pixels. If we add them, we will update this table and obtain consent before they load.

Error monitoring (operational)

Name / identifierProviderPurposeDurationParty
Sentry client storage / identifiersSentry (error monitoring)Captures technical error and performance data to keep the Platform secure and working; configured to minimise personal dataShort-livedThird-party

Sentry supports our legitimate interest in security and debugging; we configure it to avoid sending unnecessary personal data. Its role is also described in our Privacy Policy.


7. Cookies, third-party providers, and international data transfers

Some cookies are set or read by third-party service providers (subprocessors) acting for us. These include, depending on the page and your choices:

  • Stripe — payments and Stripe Identity (provider verification);
  • Clerk — authentication;
  • Pusher — real-time updates;
  • Umami — analytics (non-essential);
  • Sentry — error monitoring.

Other providers we use (such as Resend for email, Backblaze B2 for file/photo storage, and Inngest for background jobs) generally do not set browsing cookies but may process personal data; the full, current subprocessor list, their roles, and their countries of processing are maintained in our Privacy Policy.

International transfers. Several of these providers are established in, or process data in, the United States or other countries outside the EU/EEA. Where personal data is transferred outside the EU/EEA/UK, we rely on an appropriate safeguard — the EU-U.S. Data Privacy Framework where the provider is certified, otherwise the EU Standard Contractual Clauses (and the UK Addendum/IDTA where relevant) together with supplementary measures. You can request a copy of the relevant safeguards from our privacy contact (see Section 1). Full details are in our Privacy Policy.


8. Affiliate links and the Eco-store

DORIXÉ operates an affiliate and referral program and an Eco-store that links to products sold by third parties via affiliate links. When you follow such a link, DORIXÉ may earn a commission, and the destination merchant may set its own cookies on your device, which we do not control. We display a clear affiliate disclosure near these links. Affiliate and referral attribution technologies we set ourselves are non-essential and are loaded subject to your consent (see Sections 3.3 and 6). Third-party merchant cookies are governed by the merchant's own cookie and privacy policies.


9. Cookies and special-sensitivity data

Some processing on the Platform involves higher-sensitivity data — for example, precise service-address geolocation and user-uploaded before/after photos of the inside of clients' homes. These are not collected through advertising or analytics cookies; they are collected as part of providing the booking service and are described in our Privacy Policy, including their purpose, access controls, storage location (Backblaze B2), and retention. We mention this here so it is clear that our analytics and marketing cookies are not used to build profiles from this sensitive data. For U.S. residents, the right to limit the use of sensitive personal information is addressed in our Privacy Policy.


10. Children

The Platform is not directed to children and is intended for adults. We do not knowingly use cookies to collect data from children below the applicable age of digital consent (16 in the EU, unless a lower age is set by a member state; 13 in the United States). See our Privacy Policy for our position on children's data.


11. How long cookies last and how we retain consent records

Each cookie's lifespan is shown in Section 6 (session, or a set number of minutes, days, or months). We keep a record of your consent choice — including the categories you accepted or rejected, the timestamp, and the policy version — for as long as needed to demonstrate compliance, after which it is deleted or anonymised. Cookie data is otherwise retained per the retention rules in our Privacy Policy.


12. Your rights

Depending on where you live, you may have rights to access, correct, delete, or port your personal data, to object to or restrict certain processing, to withdraw consent, and (in the United States) to opt out of any sale/sharing and to limit the use of sensitive personal information. You can exercise cookie-related choices at any time via the "Cookie settings" footer link, GPC (U.S.), or your browser. For all other rights and for how to submit a request (including authorised-agent and appeal processes for U.S. state laws), see our Privacy Policy or contact us using the details in Section 13.


13. Contact

Questions about cookies, or to exercise your choices:

  • Email: privacy@dorixé.com
  • Postal address (EU): DORIXÉ's postal contact address will be published here as part of completing registration before public launch; in the meantime, the email addresses below are monitored and are the fastest way to reach us.
  • Postal address (U.S.): Not applicable: there is no separate US entity; our registered EU (German) address above serves as our contact and notice address for all users.
  • Data Protection Officer / EU representative (if appointed): No DPO and no Art. 27 EU representative (neither is required; the controller is established in Germany). Contact privacy@dorixé.com.

EU/EEA users also have the right to lodge a complaint with their local data protection supervisory authority.


14. Changes to this Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, in technology, or in the law. When we make material changes, we will update the "Last reviewed" date above, increment the consent version where appropriate, and — where required — notify you (for example, by re-presenting the cookie banner or by email/in-app notice). We review this policy at least every 12 months. Please check back periodically; your continued use of the Platform after a non-material update constitutes acceptance of the updated policy.