Cookie Policy

Last updated: March 23, 2026 — Effective Date: March 23, 2026

1. What Are Cookies

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website or use a web application. They are widely used to make websites and applications work more efficiently, to provide a better user experience, and to supply information to the operators of the site or application.

In addition to cookies, Gemhubx may use similar technologies, including:

localStorage: A web storage mechanism that allows websites to store key-value pairs persistently in a user's browser. Unlike cookies, localStorage data is not sent with every HTTP request and has a larger storage capacity (typically 5–10 MB). We use localStorage to store non-sensitive user interface preferences.
sessionStorage: Similar to localStorage, but data is cleared when the browser tab or window is closed. We use sessionStorage to maintain temporary state during your active browsing session, such as navigation context within the Shopify embedded app.
Session identifiers: Server-side session tokens that are referenced by a cookie in your browser to maintain your authenticated state.

Throughout this policy, the term "cookies" is used broadly to encompass all of these technologies unless otherwise specified.

2. How We Use Cookies

Gemhubx uses cookies and similar technologies to:

Authenticate you and maintain your logged-in session, including within the Shopify Admin embedded iframe
Protect against cross-site request forgery (CSRF) attacks
Remember your preferences and settings (such as sidebar state and language)
Understand how you interact with our application so we can improve the user experience
Ensure the security and integrity of our service
Comply with Shopify's embedded app requirements, which necessitate specific cookie configurations (e.g., SameSite=None; Secure) to function within the Shopify Admin iframe

3. Types of Cookies We Use

The following table provides a detailed breakdown of the cookies and similar storage mechanisms used by Gemhubx:

3.1 Essential / Strictly Necessary Cookies

These cookies are required for the core functionality of Gemhubx. Without them, the application cannot function properly. They cannot be disabled.

Cookie Name	Purpose	Duration	Can Be Disabled
`gemhubx_session`	Session management and authentication. Maintains your logged-in state and associates your browser with your server-side session. Essential for all authenticated functionality including product browsing, importing, and order management.	Session duration (expires when browser closes or after 24 hours of inactivity)	No — required for the application to function
`XSRF-TOKEN`	Cross-Site Request Forgery (CSRF) protection. Ensures that form submissions and state-changing requests originate from Gemhubx and not from a malicious third-party site.	Session duration (refreshed with each request)	No — required for security
`remember_web_*`	"Remember me" functionality. Allows you to remain authenticated across browser sessions without needing to re-authenticate each time you return.	30 days	No — required for persistent authentication

3.2 Functional Cookies

Functional cookies enhance your experience by remembering choices you have made. They are not strictly necessary for the application to operate but provide a more convenient and personalized experience.

Cookie / Storage Name	Purpose	Duration	Can Be Disabled
`sidebar_state`	Remembers whether the navigation sidebar is expanded or collapsed, so your preference persists across page loads.	30 days	Yes — sidebar will default to expanded state
`locale`	Stores your preferred language and locale setting so the application displays content in your chosen language.	1 year	Yes — application will use default language

3.3 Analytics Cookies

Analytics cookies help us understand how visitors interact with Gemhubx by collecting and reporting usage data in an anonymized or aggregated form.

Data Collected	Purpose	Duration	Can Be Disabled
Usage pattern data (pages viewed, features used, interaction frequency, session duration)	Helps us identify which features are most used, detect usability issues, and prioritize improvements to the application.	12 months	Yes — you can opt out (see Section 5)

4. Cookies Set by Third Parties

In addition to cookies set directly by Gemhubx, third-party services integrated into our application may set their own cookies:

4.1 Shopify App Bridge

When Gemhubx is loaded within the Shopify Admin as an embedded application, Shopify's App Bridge framework may set or read cookies to manage the embedding context, maintain the merchant's Shopify session, and handle navigation between the app and the Shopify Admin. These cookies are governed by Shopify's Cookie Policy.

4.2 Cloudflare

Our service is protected by Cloudflare, which may set the following cookies:

__cf_bm: A bot management cookie used by Cloudflare to identify and distinguish between humans and automated bots. This cookie is essential for security and cannot be disabled. It expires 30 minutes after the last page load.
cf_clearance: Set when a visitor completes a Cloudflare challenge (e.g., CAPTCHA). It indicates that the visitor has been verified and allows subsequent requests to pass without further challenges. Duration varies.

For more information, see Cloudflare's cookie documentation.

4.3 Google Fonts

We use Google Fonts to serve the Montserrat typeface used throughout our application. When your browser loads fonts from Google's servers, Google may collect limited data such as your IP address, browser type, and the URL of the page requesting the font. Google's use of this data is governed by the Google Privacy Policy. Google Fonts does not set cookies in your browser, but it does log font requests on Google's servers.

5. How to Control Cookies

You have the right to control which cookies are stored on your device. Please note that disabling essential cookies will prevent Gemhubx from functioning correctly.

5.1 Browser Settings

Most web browsers allow you to manage cookies through their settings. Below are instructions for the most common browsers:

Google Chrome: Go to Settings > Privacy and Security > Cookies and other site data. You can block all cookies, block third-party cookies, or manage exceptions for specific sites.
Mozilla Firefox: Go to Settings > Privacy & Security > Cookies and Site Data. Choose your preferred level of cookie blocking under Enhanced Tracking Protection (Standard, Strict, or Custom).
Apple Safari: Go to Safari > Preferences > Privacy. You can block all cookies, prevent cross-site tracking, or manage website data for individual sites.
Microsoft Edge: Go to Settings > Cookies and site permissions > Manage and delete cookies and site data. You can block all cookies, block third-party cookies, or allow exceptions.

5.2 Important Notes

Essential cookies cannot be disabled without breaking the core functionality of Gemhubx. If you block these cookies, you will not be able to log in, maintain a session, or use any authenticated features.
If Gemhubx is used as an embedded Shopify app, your browser must accept third-party cookies with SameSite=None; Secure attributes for the application to function within the Shopify Admin iframe.
Clearing cookies will log you out of all sessions and reset any stored preferences.

6. Cookie Consent

Gemhubx handles cookie consent as follows:

Essential cookies: These are set without prior consent as they are strictly necessary for the provision of the service you have requested. This is permitted under GDPR Article 6(1)(b) (contract performance) and the ePrivacy Directive.
Non-essential cookies: We request your consent before setting functional or analytics cookies. You may grant or withhold consent when prompted.
Withdrawing consent: You can withdraw your consent for non-essential cookies at any time by adjusting your browser settings (see Section 5) or by contacting us at [email protected]. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
Record of consent: We maintain records of consent granted or refused for non-essential cookies to demonstrate compliance with applicable regulations.

7. Do Not Track

Gemhubx respects the "Do Not Track" (DNT) browser signal. When we detect that your browser has DNT enabled, we will:

Not set analytics or tracking cookies
Not collect usage pattern data for analytics purposes
Continue to set essential and functional cookies necessary for the service to operate

Please note that not all third-party services integrated with our application may honor the DNT signal. We encourage you to review the privacy policies of third-party services listed in Section 4 for their specific DNT practices.

8. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies we use, changes in technology, or changes in applicable law. When we make changes to this policy:

The "Last updated" date at the top of this page will be revised.
Material changes will be communicated through the application or via email notification.
If changes affect cookies that require consent, we will re-request consent for the modified cookies.

Changes to this Cookie Policy are effective upon posting unless otherwise stated. Your continued use of Gemhubx after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this policy periodically.

9. Contact

If you have questions about this Cookie Policy, the cookies we use, or how to manage your cookie preferences, please contact us:

Gemhubx
Email: [email protected]
Website: https://gemhubapp.com
Support: [email protected]

For general data protection inquiries, please refer to our Privacy Policy.