This Cookie Policy explains how MyRodmap OÜ, operating under the business name Migrada ("Migrada," "we," "us," or "our"), uses cookies and similar technologies when you visit or use our website at https://migrada.eu and associated services (the "Services").
This policy should be read together with our Privacy Policy and Terms of Service.
For questions about this Cookie Policy, contact us at contact@migrada.eu.
Table of Contents
What are cookies?
Cookies are small text files placed on your device (computer, phone, or tablet) by websites you visit. They are widely used to make websites function properly, remember your preferences and collect information about how you interact with a site.
Cookies may be "first-party" (set by the website you are visiting) or "third-party" (set by a service operating on behalf of the website). Cookies may be "session" cookies (deleted when you close your browser) or "persistent" cookies (remain on your device for a set period or until you delete them).
Similar technologies include local storage, session storage and pixel tags. This policy covers all such technologies.
How we use cookies
Migrada uses a minimal set of cookies. We do not use advertising cookies, retargeting pixels, or third-party tracking scripts that follow you across other websites.
Our cookies fall into two categories: strictly necessary and analytics.
Cookies we use
Strictly necessary cookies
These cookies are essential for the platform to function. Without them, you cannot log in, maintain a session, or use core features. They cannot be disabled without breaking the Services.
Authentication and session cookies (Supabase)
Purpose: Manage your login session, authenticate your identity and maintain your signed-in state as you navigate the platform.
Provider: Supabase (first-party, set on migrada.eu)
Type: Session and persistent
Duration: Session cookies expire when you close your browser. Persistent authentication tokens expire after the session duration configured in our authentication settings (typically 7 days, refreshed on activity).
Data stored: Session token, refresh token. No personal information is stored in the cookie itself.
Payment session cookies (Stripe)
Purpose: Facilitate secure payment processing when you purchase a service tier. Stripe sets cookies to prevent fraud, manage the checkout session and comply with PCI DSS requirements.
Provider: Stripe (third-party)
Type: Session and persistent
Duration: Varies by cookie. Most expire within 1 year.
Data stored: Fraud detection identifiers, session references. Payment card details are never stored in cookies.
Note: Stripe cookies are only set when you initiate a payment. If you do not purchase anything, no Stripe cookies are placed.
Hosting and infrastructure (Vercel)
Purpose: Route requests, manage load balancing and deliver the website. Vercel may set minimal cookies or use headers for request management.
Provider: Vercel (first-party)
Type: Session
Duration: Session
Data stored: No personal information.
Analytics
We use analytics to understand how visitors use the platform so we can identify issues and improve the experience. Analytics data is not used for advertising, profiling, or selling data to third parties.
PostHog — cookieless analytics (always active)
Purpose: Collect anonymized, aggregated usage data including pages visited, features used and general interaction patterns. Used to measure conversion, identify friction in the application flow and improve the user experience.
Provider: PostHog (EU cloud instance)
Storage on your device: None. PostHog runs in memory-only mode — no cookies, no localStorage, no data is written to your device.
Cross-session tracking: None. Each page load is treated as a new anonymous visit. We cannot identify returning visitors in this mode.
Data processed: Page URL, browser type, device type, approximate country derived from IP address. IP addresses are not stored after processing.
Legal basis: Legitimate interest (GDPR Article 6(1)(f)). Since no data is stored on your device, consent is not required under the ePrivacy Directive.
PostHog — enhanced analytics cookies (consent required)
Purpose: When you consent to analytics cookies, PostHog upgrades to cookie-based persistence. This allows us to recognize returning visitors, measure session duration across page loads, and provide a more complete picture of how the platform is used.
Provider: PostHog (EU cloud instance)
Type: Persistent (localStorage + cookie)
Duration: Up to 12 months
Data stored: Anonymous session identifier, device type, browser type, approximate location derived from IP address (country level). PostHog does not track you across other websites.
Consent required: Yes. Enhanced analytics cookies are only activated after you provide consent through our cookie banner.
Cookies we do not use
For clarity, Migrada does not use:
- Google Analytics or Google Tag Manager
- Facebook Pixel or Meta tracking
- LinkedIn Insight Tag
- Google Ads, Reddit Ads, or any advertising platform cookies
- Hotjar, FullStory, or similar session recording tools (other than Microsoft Clarity, which is consent-gated)
- Any cookie or tracker that follows you across websites for advertising purposes
- Any cookie that builds a behavioral profile for sale to third parties
Cookie consent
When you first visit migrada.eu, a cookie consent banner appears. You can choose to:
Accept all cookies. Strictly necessary cookies, enhanced analytics cookies (PostHog with persistent storage) and session recording tools (Clarity) are activated. This gives us the most complete picture of how the platform is used.
Essential only. Only strictly necessary cookies (authentication, payment, infrastructure) are set on your device. Cookieless analytics (PostHog in memory-only mode) continues to run in the background — this does not store any data on your device and cannot identify you across sessions.
Change your preferences later. You can update your cookie preferences at any time through the cookie settings link in the website footer or by clearing cookies in your browser settings.
Why cookieless analytics runs without consent: Under the ePrivacy Directive, consent is required for storing or accessing information on your device. Our cookieless analytics uses in-memory processing only — no cookies, no localStorage, no device fingerprinting. Since nothing is stored on your device, consent is not required. The legal basis for processing this anonymous, aggregated data is legitimate interest under GDPR Article 6(1)(f).
Managing cookies in your browser
You can control and delete cookies through your browser settings. Here is how to manage cookies in common browsers:
- Chrome: Settings > Privacy and security > Cookies and other site data
- Firefox: Settings > Privacy and Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions > Manage and delete cookies
Blocking or deleting strictly necessary cookies will prevent you from logging in and using the platform. Blocking analytics cookies will not affect your ability to use the Services.
Do-Not-Track signals
Migrada does not currently respond to Do-Not-Track (DNT) browser signals, as there is no universally accepted standard for interpreting them. If a recognized standard is adopted that we are legally required to follow, we will update this policy.
International transfers
Some of our service providers (Stripe, Vercel) are based in the United States. Where personal data is transferred outside the EU/EEA, these providers rely on Standard Contractual Clauses (SCCs) or other legally recognized transfer mechanisms to ensure adequate data protection.
PostHog is configured to use an EU-hosted cloud instance, and analytics data is processed within the EU.
Supabase stores your data in the EU region.
Updates to this policy
We may update this Cookie Policy to reflect changes in our practices or legal requirements. When we make material changes, we will update the "Last updated" date at the top. Material changes may also be communicated through the cookie consent banner or by email.
Contact
Questions about this Cookie Policy:
Company: MyRodmap OÜ
Business name: Migrada
Registration number: 17216460
Address: Harju maakond, Kuusalu vald, Pudisoo küla, Männimäe/1, 74626, Estonia
Email: contact@migrada.eu
Migrada — Digital platform for Austrian residence permit applications.
MyRodmap OÜ (Migrada) is not a law firm. We provide software and services to help you prepare immigration application documents.
© 2026 Migrada
See also: Privacy Policy and Terms of Service