Cookie Policy

Effective date: 26 June 2026


The short version

Dropframe does not use cookies on the main site (dropframe.run) or on deployed apps ({id}.dropframe.run) beyond what is strictly necessary to operate the service.


What we use

Strictly necessary

Cookie Purpose Duration
__cf_bm Cloudflare bot management — protects the API from automated abuse Session
session Paid-plan account session after login 7 days

These cookies cannot be opted out of without breaking the service.

What we do not use


Deployed apps

Apps deployed on Dropframe ({id}.dropframe.run) run inside a sandboxed iframe. Cookies set by deployed apps are scoped to their subdomain and cannot access cookies on dropframe.run or on other deployed apps.

Dropframe does not set cookies inside deployed apps. If a deployed app sets cookies, that is the responsibility of the person who deployed it.


Third-party cookies

Cloudflare may set operational cookies as part of its edge network and DDoS protection. These are covered by the Cloudflare Privacy Policy.

Clerk sets cookies for user authentication on login and dashboard pages. These are governed by the Clerk Privacy Policy.

Paddle sets cookies on checkout pages for payment processing and fraud prevention. These are covered by the Paddle Privacy Policy.


Changes

If we introduce new cookies, we will update this page and the effective date before deployment.


Contact

Email: hello@dropframe.run