Cookie Policy
Effective date: 26 June 2026
The short version
Dropframe does not use cookies on the main site (dropframe.run) or on deployed apps ({id}.dropframe.run) beyond what is strictly necessary to operate the service.
What we use
Strictly necessary
| Cookie | Purpose | Duration |
|---|---|---|
| __cf_bm | Cloudflare bot management — protects the API from automated abuse | Session |
| session | Paid-plan account session after login | 7 days |
These cookies cannot be opted out of without breaking the service.
What we do not use
- Advertising or tracking cookies
- Analytics cookies (Google Analytics, Mixpanel, etc.)
- Social media tracking pixels
- Cross-site tracking of any kind
Deployed apps
Apps deployed on Dropframe ({id}.dropframe.run) run inside a sandboxed iframe. Cookies set by deployed apps are scoped to their subdomain and cannot access cookies on dropframe.run or on other deployed apps.
Dropframe does not set cookies inside deployed apps. If a deployed app sets cookies, that is the responsibility of the person who deployed it.
Third-party cookies
Cloudflare may set operational cookies as part of its edge network and DDoS protection. These are covered by the Cloudflare Privacy Policy.
Clerk sets cookies for user authentication on login and dashboard pages. These are governed by the Clerk Privacy Policy.
Paddle sets cookies on checkout pages for payment processing and fraud prevention. These are covered by the Paddle Privacy Policy.
Changes
If we introduce new cookies, we will update this page and the effective date before deployment.
Contact
Email: hello@dropframe.run