Effective 5 May 2026
Change your cookie preferences
Re-open the preferences manager to update your choices any time.
This Cookie Policy explains how the TACI Platform uses cookies, localStorage, and other similar storage technologies (collectively “cookies” throughout, in line with EU ePrivacy Directive Article 5(3) terminology) when you use our service.
The platform mostly uses localStorage, which lives in your browser only and is never transmitted with HTTP requests — but ePrivacy treats localStorage as a “similar technology” that requires the same consent rules as traditional cookies. We apply the same rigour.
Strictly necessary for the platform to function. You cannot opt out of these — without them you cannot stay signed in or maintain a project context. We rely on the “strictly necessary” exemption in Article 5(3).
Remember your preferences (CMS choices, microsite settings, your cookie consent itself). The platform works without these, just less conveniently. You can decline these in the preferences manager.
Currently not in use. We do not run Google Analytics, Hotjar, Segment, Mixpanel or any equivalent. The toggle exists so that if we ever add product analytics, your declared preference applies before any request lands.
Currently not in use. We do not run advertising, retargeting, or third-party marketing trackers. Same forward-compatible reasoning as Analytics.
The complete list of items the platform stores in your browser, plus third-party services that may set their own cookies on their own domains when you interact with them.
| Item | Category | Storage | Duration | Purpose |
|---|---|---|---|---|
| taci_access_token | Essential | localStorage | Session (cleared on sign-out) | JWT bearer token used to authenticate every API request. Without it you cannot stay signed in. |
| taci_user | Essential | localStorage | Session (cleared on sign-out) | Cached profile (name, email, role) so each page render does not need a round-trip to the server. |
| taci_projects | Essential | localStorage | Session (cleared on sign-out) | Cached list of projects you belong to, populates the My Projects sidebar. |
| taci_current_project | Essential | localStorage | Session | Remembers which project you have open so the project sidebar persists across navigations. |
| taci_cookie_consent | Functional | localStorage | 12 months | Records this very consent choice, plus the policy version and timestamp, so we don't re-prompt you on every visit. |
| taci_cms_settings | Functional | localStorage | 12 months | Stores your custom landing-page CMS choices (hero copy, gradient, headline) so they persist between visits. Superadmin-only feature. |
| taci_cms_hero_image | Functional | localStorage | 12 months | Stores the uploaded landing hero image as a base64 data URL when you customise the public landing page. |
| taci_cms_feed_image | Functional | localStorage | 12 months | Stores the uploaded feed hero image, same purpose as above for the public feed. |
| taci_initiative_cms_* | Functional | localStorage | 12 months | Per-initiative microsite settings (mission, partner logos, hero) keyed by project id. Created when an orchestrator customises a microsite. |
| OpenStreetMap tiles | Functional | Cookie | Set by openstreetmap.org | Map background tiles for the project map (/superadmin/projects). Loaded only when you visit a page that renders the map. OpenStreetMap may set its own cookies. |
| Stripe (Checkout) | Functional | Cookie | Set by stripe.com | When you pay an invoice via Pay-by-card, Stripe's hosted Checkout page sets its own session and fraud-prevention cookies on stripe.com. We never see those cookies. |
We try to keep third-party requests to a minimum. Anything that loads from a domain other than taci.io is listed below.
Outside of the above, the platform is self-contained: fonts are bundled at build time, JavaScript is served from our own origin, and we do not embed third-party widgets, analytics, or marketing tags. No cookies leave the browser to ad networks or trackers.
Use the Manage preferences button at the top of this page (or any “Cookie settings” link) to open the preferences manager. You can change your choice as often as you like; the new choice takes effect immediately.
You can also clear all TACI storage from your browser’s privacy controls. The next time you visit the platform, the consent banner re-appears and you can make a fresh choice.
Your choice is stored in your browser’s localStorage as taci_cookie_consent with a timestamp, the policy version, and the categories you accepted. If you are signed in to TACI, we also record the same information server-side against your user account so our Data Protection Officer can answer the audit question “when did this user consent to functional cookies?” without ambiguity.
If we update this policy in a way that affects you, we bump the version number and re-prompt everyone on next visit. Your previous record is kept for the audit trail.
Questions or complaints about how we handle cookies and storage? Contact our Data Protection Officer at dpo@tacifoundation.org. You also have the right to file a complaint with the data-protection authority in your country — for Finnish customers, Tietosuojavaltuutetun toimisto.