Legal

Cookie and Tracking Notice

1. How we use cookies

This notice describes HTTP cookies and closely related browser storage that PRIMA or its providers use when you use our website and app. For a full list of vendors, see our Privacy Policy.

Essential cookies are required for sign-in, security, and basic routing. They cannot be turned off if you use PRIMA; blocking them will break authentication or tenant routing. Non-essential tools (for example some monitoring features) are described below; where the law requires consent, we align with your choices in the marketing-site banner and applicable settings.

2. Authentication & session (Clerk)

When Clerk is enabled, Clerk sets and manages first-party and Clerk-domain cookies so you can sign in securely and stay signed in. Typical examples include session and client freshness cookies such as __session and __client_uat; exact names and lifetimes can vary by Clerk version, deployment, and cookie domain. Clerk may also rely on infrastructure providers (for example Cloudflare) on Clerk-controlled domains.

Official reference: Clerk — How Clerk uses cookies.

Name / technology	Purpose	Type	Expiry
Clerk session cookies (e.g. __session, __client_uat)	Authentication and secure session management	Essential	Defined by Clerk (short-lived JWT / session lifecycle; see Clerk docs)

3. Cookies set by PRIMA

Name / technology	Purpose	Type	Expiry
prima-subdomain	Remembers which company subdomain you are visiting so dashboards and APIs can resolve the correct tenant	Essential	Browser session (no fixed expiry); updated when you use a tenant hostname
prima-dev-instant	Development-only sign-in cookie for InstantDB when Clerk is bypassed locally or on certain preview configurations	Essential	Session / until cleared — not used on production deploys

4. Consent preference (local storage)

The marketing-site banner saves your Accept / Decline choice under the key prima-cookie-consent in your browser's local storage (not an HTTP cookie). Treat it like a persistent preference until you clear site data or change the choice.

Name / technology	Purpose	Type	Expiry
prima-cookie-consent	Stores whether you accepted or declined non-essential tracking on marketing pages so we don't show the banner again	Functional	Until you clear browser storage or change preference

5. Monitoring & hosting (Sentry & Vercel)

Sentry — We use the Sentry JavaScript SDK for error monitoring and (where configured) Session Replay. According to Sentry's documentation, the browser SDK does not set HTTP cookies for this purpose. Replay and related features may use session storage (and similar mechanisms) within the browser for the lifetime of a tab; payloads are transmitted to Sentry servers for diagnostics. Classification: analytics / monitoring processing.

Privacy: sentry.io/privacy.

Vercel — PRIMA is hosted on Vercel. Your requests pass through Vercel's platform, which handles routine hosting, security, and logging in line with Vercel's privacy policy. PRIMA's codebase does not add a standalone "Vercel Analytics" snippet; analytics-style processing of errors is handled via Sentry as above. Additional cookies or identifiers may still be used by Vercel for infrastructure purposes (including bot/abuse mitigation) depending on edge configuration.

Name / technology	Purpose	Type	Expiry
Sentry browser SDK — HTTP cookies	Server communication for errors and Replay (SDK does not set HTTP cookies per Sentry)	Analytics / monitoring	N/A — no PRIMA-named HTTP cookie from Sentry JS SDK
Session Replay (session storage keys, varies by SDK)	Associate replay buffering with your tab when Replay is sampled	Analytics / monitoring	Generally cleared when the browser tab closes
Vercel platform / edge (if set)	Hosting, routing, resilience, abuse protection	Essential (infrastructure)	Depends on Vercel configuration — see Vercel documentation and headers you receive

6. Related links

Privacy Policy — subprocessors and your rights
Subprocessor list