Cookie Policy
Last updated: May 27, 2026
1. Who we are and what this policy covers
Clikr is operated by Mawal AB, a Swedish private limited company (aktiebolag) registered under organization number 559279-0462, with its registered office at Hallandsgatan 38, 118 57 Stockholm, Sweden.
This policy explains the cookies and similar storage technologies used on www.clikr.app and how you can control them. How we handle personal data more generally is described in our Privacy Policy. If you have questions about cookies, you can reach us at hello@clikr.app.
2. What cookies and similar technologies are
A cookie is a small text file a website asks your browser to store on your device and reads back on later visits or page loads. A cookie set under our own domain is a first-party cookie. A cookie set under another company's domain, when that company's code runs on the page, is a third-party cookie. A session cookie is deleted when you close your browser; a persistent cookie stays until it expires or you delete it.
Browsers also offer other ways to store and read information on your device. Clikr uses two of them. Local storage and session storage are key-and-value stores in your browser: local storage persists until it is cleared, while session storage is cleared when the browser tab closes. We also store sign-in state in IndexedDB, a structured store in the browser.
The same consent rules apply to all of these technologies, not only to classic cookies. This policy uses "cookies" as shorthand for cookies, local storage, session storage, and IndexedDB together.
3. Why we use cookies and how we ask for consent
Clikr turns your phone into a wireless laser pointer for presentations. We use cookies and similar storage to run the service, to keep you signed in when you have an account, to remember your cookie choices, and to help us find and fix errors. We do not currently use advertising or cross-site tracking cookies, though we expect that to change as the service grows (see the Targeting category below).
Strictly necessary cookies and storage are set without asking for consent, because they are needed to provide the service you explicitly requested. For every other category, we ask for your consent first.
When you first visit the site, a consent banner appears. Its first layer lets you choose "Accept All", "Deny All", or "Customize". Rejecting is as direct as accepting: both are buttons on that first layer. "Customize" opens a panel with three categories, Essential, Performance, and Targeting. Essential is always on and cannot be switched off. Performance and Targeting are not pre-selected; you turn them on yourself if you want them. Your choice is saved in a strictly necessary cookie and a matching local-storage entry (both named cookie-consent) so the service can honor it and so we can show that consent was given. We may ask again periodically, and we will ask again if our use of non-essential cookies changes in a material way.
You can change or withdraw your consent at any time. Section 6 explains how.
4. The cookies and storage we use, by category
The set of cookies and storage can change as the service evolves and as the third-party providers below update their own technologies. The live, current set is always visible in your browser's developer tools, under the Application or Storage tab. The tables below were verified against the codebase and product documentation.
Strictly necessary
These are needed to deliver the service you asked for, so they are set without asking for consent. They remember your cookie-consent choice, keep you signed in when you have an account, and let Paddle complete a purchase you started. Blocking them in your browser may break parts of the service, including sign-in and checkout.
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| cookie-consent | Clikr (first-party) | Stores your cookie-consent choice and the policy version | Cookie | 365 days |
| cookie-consent | Clikr (first-party) | Stores your cookie-consent choice, the policy version, and the time you made it | Local storage | Until cleared |
| Firebase Authentication state | Google Firebase (first-party storage in your browser) | Keeps you signed in to your account between page loads, for signed-in users only | Local storage and IndexedDB | Until you sign out or clear it |
| Paddle checkout cookies | Paddle (third-party), set on Paddle's own domain | Runs the checkout flow and helps prevent fraud when you open the Paddle checkout to buy Pro | Cookie | Set and controlled by Paddle |
| presenter-settings | Clikr (first-party) | Remembers your in-app pointer settings (color, trail effect) so they persist across sessions | Local storage | Until cleared |
| presenter-session-id | Clikr (first-party) | Holds the last paired session ID so you can return to a live session if you accidentally navigate away | Session storage | Until the tab closes |
| presenter-onboarding-seen | Clikr (first-party) | Suppresses the first-run help overlay after you have seen it | Local storage | Until cleared |
| clikr.trial.countdown-banner-dismissed | Clikr (first-party) | Remembers that you closed the trial-countdown banner so it does not reappear within the same browsing session | Session storage | Until the tab closes |
| clikr.trial.expired-banner-dismissed:<ts> | Clikr (first-party) | Remembers that you closed the trial-expired banner. Keyed by the timestamp at which your trial was used so a fresh trial for the same browser starts with the banner re-enabled | Local storage | Until cleared |
Performance
Performance technologies help us understand how the site is used and find errors so we can fix them. They are not strictly necessary. Where one of them stores or reads anything on your device, we keep it behind your Performance consent choice.
Why Vercel Analytics runs without a consent banner
We use Vercel Analyticsfor aggregated usage statistics such as page views and visitor counts. Vercel Analytics is built to be cookieless: it sets no cookies and stores nothing on your device, so there is no entry for it in the table below. Article 5(3) of the ePrivacy Directive (the rule that requires a consent banner before "storing or accessing information on terminal equipment") only applies when something is read from or written to your device. Because Vercel Analytics does neither, the consent banner does not gate it. The processing of any data Vercel Analytics still receives, such as the visited URL and a coarse country derived from the request IP, is covered by our Privacy Policy.
We also use Sentry for error monitoring on the production site. Sentry includes a session-replay feature in error-buffer mode. The replay feature does not record video of your screen. It captures the page content and your interactions, such as clicks and scrolling, and reconstructs them so we can see what led to an error. In production, text is masked and media is blocked in those reconstructions. The reconstruction is held only in your browser and is sent to Sentry only if an error occurs.
The Sentry session-replay component is a non-essential performance technology, so it is gated behind your Performance consent choice. It does not start, and it writes nothing to your browser's storage, until you allow the Performance category in the consent banner. If you later withdraw that consent, the replay stops. Error monitoring itself, which records error details so we can find and fix faults, runs regardless of this choice because it stores nothing on your device.
| Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| Sentry replay-session identifier | Sentry (third-party), production site only | Identifies a session-replay buffer so an error reconstruction can be sent if an error occurs; written only after you allow the Performance category | Session storage | Session (cleared when the tab closes) |
Targeting
The consent banner offers a Targeting category for advertising and campaign-measurement cookies. Clikr does not set any Targeting cookies today, so there are none to list here yet. We expect this to change: as Clikr grows, we plan to advertise it on third-party platforms and to measure how well those campaigns perform, which would involve advertising or conversion-measurement cookies in this category. Any such cookie will be gated behind your Targeting consent, and we will update this policy and the consent banner before it is set.
5. Third parties that set cookies through Clikr
Third-party cookies and storage are governed by the third party's own cookie and privacy notices, and we do not control them. The third parties involved are:
- Google Firebase stores your sign-in state in your browser so you stay authenticated. Firebase privacy and security.
- Sentry provides error monitoring and session replay on the production site, through an EU ingest endpoint. Sentry privacy policy.
- Paddle, our Merchant of Record, operates the checkout. When you open the Paddle checkout to buy Pro, Paddle sets its own cookies on its own domain for the checkout flow and fraud prevention, along with cookies set by the providers Paddle relies on to run the checkout. None of these land on the Clikr domain. Paddle privacy notice.
6. How to manage, change, or withdraw your consent
To change your choices, click the cookie icon (🍪) in the bottom-left corner of any page. This clears your saved consent and reopens the banner, so you can accept all, deny all, or pick categories again. You can also clear your browser's cookies and local storage to reset your choices.
You can change or withdraw your consent at any time. Doing so is as easy as giving consent in the first place. Withdrawing consent does not affect the lawfulness of anything we did based on your consent before you withdrew it.
Your browser can also block or delete cookies and clear site storage, usually from its privacy or site-data settings. Blocking strictly necessary cookies and storage may break parts of Clikr, including sign-in and checkout.
7. Do Not Track and Global Privacy Control
Clikr does not respond to the browser Do Not Track (DNT) signal, because there is no common, agreed standard for how a site should act on it.
Global Privacy Control (GPC) is a browser signal that asks a site to opt you out of the sale or sharing of your personal information. We do not currently detect or act on the GPC signal on the server. As section 8 explains, Mawal AB does not sell or share personal information through cookies, so there is nothing for a GPC signal to switch off.
8. US state privacy rights and cookies
Some advertising and tracking cookies share information with third parties, and US state privacy laws such as the California Consumer Privacy Act (CCPA) can treat that as a "sale" or "sharing" of personal information. The CCPA's obligations, including the duty to honor a Global Privacy Control signal, bind businesses that meet its thresholds.
Mawal AB is not a covered business under the CCPA, and it does not sell or share personal information through cookies as those terms are used under US state privacy law. Clikr runs no advertising or cross-context tracking cookies. We honor the privacy rights described here voluntarily, on the same basis as our Privacy Policy. If we ever introduced cookies that amounted to a sale or sharing, we would honor a valid Global Privacy Control signal as an opt-out and provide a way to opt out. Our Privacy Policy carries the full account of US state privacy rights.
9. How cookies relate to your personal data
Some of the cookies and storage described here process personal data, such as online identifiers or your IP address. How we handle personal data, the legal bases we rely on, who we share it with, how long we keep it, and the rights you have are described in our Privacy Policy.
10. Changes to this Cookie Policy
We may update this policy as Clikr evolves. The "Last updated" date at the top reflects the most recent change. When the set of non-essential cookies changes in a material way, we bump the stored consent version, which prompts the banner to ask for your consent again before the new cookies are set.
11. How to contact us and complain
Questions about this policy can be sent to Mawal AB at hello@clikr.app, or by post to Hallandsgatan 38, 118 57 Stockholm, Sweden.
If you think our use of cookies or similar technologies does not respect your rights, please contact us first at hello@clikr.app so we can help. You also have the right to complain to a supervisory authority. In Sweden, the authority for the cookie-consent rule is the Swedish Post and Telecom Authority (Post- och telestyrelsen, PTS) at pts.se, and the authority for data protection is the Swedish Authority for Privacy Protection (Integritetsskyddsmyndigheten, IMY) at imy.se. If you are in another EU or EEA country, you can complain to your national data protection authority, which you can find through the European Data Protection Board directory at edpb.europa.eu. If you are in the United Kingdom, you can complain to the Information Commissioner's Office at ico.org.uk/concerns. If you are in California, you can also contact the California Privacy Protection Agency at cppa.ca.gov.