Plain language summary: We use a small number of cookies to keep you logged in and to understand how people use the app. We don't use advertising trackers. You can manage or disable non-essential cookies through your browser settings.
A cookie is a small text file stored on your device by a website. Cookies help websites remember information about your visit — like whether you're logged in — so you don't have to re-enter it every time.
There are also similar technologies like localStorage and sessionStorage, which store data locally in your browser. Risiti uses these as well, primarily for authentication.
| Name / Key | Type | Purpose | Duration |
|---|---|---|---|
__convexAuthJWT |
Essential | Stores your authentication token so you remain logged in. Without this, you would need to re-verify your phone number on every visit. | Session / until token expires (~1 hour, auto-refreshed) |
__convexAuthRefreshToken |
Essential | Stores a refresh token that allows your session to be silently renewed without re-entering your OTP. Stored in localStorage. | Up to 30 days (cleared on sign out) |
| Cloudflare Web Analytics beacon | Analytics | Collects anonymized page view and performance data (page load time, errors). Does not use cookies — it is a cookieless, privacy-preserving analytics tool. No personal data is collected. No cross-site tracking. | N/A (cookieless) |
| Vercel Analytics & Speed Insights | Analytics | Collects anonymized performance metrics (Core Web Vitals) and page view data. Privacy-preserving by design — no personal identifiers, no cross-site tracking, no advertising profiles. | Session-level (no persistent cookies set) |
The authentication tokens (__convexAuthJWT and __convexAuthRefreshToken) are strictly necessary for the Service to function. Without them, you cannot stay logged in. These do not require your consent under the Kenya Data Protection Act, 2019, as they are necessary for service delivery.
The Cloudflare and Vercel analytics tools collect anonymized performance data to help us improve the platform. Both are cookieless and privacy-preserving — they do not track you across sites, do not build personal profiles, and do not share data with advertisers.
Because these tools do not process personal data, they fall within the legitimate interest basis and do not require separate consent. However, you may opt out as described in Section 4.
You can control or delete cookies through your browser settings. Here's how:
Note: Clearing the essential authentication tokens will log you out of Risiti. You will need to verify your phone number again to log back in.
The Risiti mobile app (iOS and Android) does not use browser cookies. It uses device-local storage (AsyncStorage / SecureStore) to maintain your authenticated session, equivalent to the localStorage entries described above. The same data retention rules apply.
Under the Kenya Data Protection Act, 2019, consent is required for non-essential cookies that process personal data. Risiti's analytics tools (Cloudflare, Vercel) are cookieless and do not process personal data, so no cookie consent banner is required for them.
For the essential authentication tokens, no consent is required as they are necessary to deliver the service you have requested.
If we introduce any new analytics or tracking tools that process personal data in the future, we will update this policy, add those tools to the table above, and seek your consent via an in-app cookie banner before they are set.
We will update this Cookie Policy if we change the cookies or tracking technologies we use. Material changes will be communicated via in-app notification. The current version is always available at getrisiti.com/cookie-policy.
For questions about this Cookie Policy: