Cookie Notice
Provider: Valiquest AB · Org.nr 559577-0347 · Stockholm, Sweden Service: Virtual Customer Version: v1 — 2026-04-22 (DRAFT — pre-counsel review) Applies to: https://app.virtualcustomer.io and any subdomain operated by Valiquest.
This Cookie Notice should be read together with our Privacy Policy at
/legal/privacy-policy.html.
1. What this notice covers
This Cookie Notice explains the cookies and similar storage technologies (such as localStorage and sessionStorage) that we use, and how you can control them.
We comply with the ePrivacy Directive (as implemented in Swedish law via Lagen om elektronisk kommunikation) and the GDPR. That means:
- Strictly necessary technologies are always on — without them the site cannot work.
- Non-necessary technologies (analytics, marketing) are off by default and only set after you give consent.
- You can withdraw or change consent at any time via the Cookie preferences link in the footer.
We do not currently use cookie walls (you do not need to consent to non-necessary cookies to access the Service).
2. Categories and current inventory
We organise storage into three categories.
2.1 Strictly necessary (always active)
These are required to deliver the Service you have requested (sign-in, security, basic navigation). You cannot opt out of them while using the Service.
| Name | Type | Purpose | Duration | Set by |
|---|---|---|---|---|
firebase:authUser:* | localStorage | Stores the signed-in user session for Firebase Auth | Until sign-out | Valiquest (Firebase) |
firebase:host:* | localStorage | Firebase SDK internal host metadata | Until sign-out | Valiquest (Firebase) |
_grecaptcha | localStorage | Anti-abuse on the sign-up form (Google reCAPTCHA, only if enabled) | 6 months | |
cookieConsent | localStorage | Stores your cookie preferences and the version you consented to | 12 months | Valiquest |
currentOrgId | localStorage | Remembers which organisation you last had open | Until cleared | Valiquest |
billingCurrency | localStorage | Remembers your preferred billing currency on the pricing page | Until cleared | Valiquest |
vc:* (operational) | localStorage | Various small UI state items prefixed with vc: (sidebar collapsed, draft notes) | Until cleared | Valiquest |
2.2 Analytics (opt-in)
We do not currently set any analytics cookies or use any third-party analytics tools.
If we add an analytics tool in the future (such as a privacy-respecting product analytics provider), this section will be updated and we will require fresh opt-in consent before any analytics cookie is set. We will give 30 days' notice before activating.
2.3 Marketing (opt-in)
We do not currently set any marketing cookies, and we do not run third-party advertising scripts on app.virtualcustomer.io.
If this changes in the future, opt-in consent will be required first.
3. How we ask for consent
When you first visit the site, a cookie consent banner appears in the bottom of the page with three options:
- Accept all — turns on all categories.
- Reject non-essential — leaves only strictly necessary on (this is also the effect of dismissing the banner without choosing).
- Customise — opens a panel where you can opt in to analytics and/or marketing individually.
Your choice is stored in localStorage.cookieConsent along with the version of this Cookie Notice you consented to. If we materially change the categories or set new non-essential storage, we will ask again.
4. How to change or withdraw consent
You can change your preferences at any time:
- Open the Cookie preferences link in the footer of any page on
app.virtualcustomer.io. - Toggle categories on or off.
- Save.
You can also clear all storage from your browser settings; the next time you visit, the banner will reappear.
5. Browser-level controls
In addition to our consent banner, you can use your browser to block or delete cookies for any site:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Safari: Settings → Privacy → Manage Website Data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Edge: Settings → Cookies and site permissions → Cookies and site data
Blocking strictly necessary cookies will break sign-in.
For broader controls, see the EU-wide guide at https://www.youronlinechoices.eu/.
6. Changes to this notice
We will update this notice if we add or remove cookies. The version number and effective date at the top of this page reflect the latest revision. Material changes (especially adding any non-essential storage) will trigger a fresh consent prompt and 30 days' notice.
7. Contact
Questions about this notice? Email info@valiquest.com.
Reviewer flags
For the external Swedish data protection / IT lawyer (G4.6.13):
- [REVIEW] §2.1 Confirm that all listed
firebase:*storage entries qualify as "strictly necessary" under ePrivacy / IMY guidance — particularly given the latest IMY decisions on Google Analytics and US-hosted infrastructure. - [REVIEW] §2.1 Confirm
_grecaptcha(set by Google) can be classified as strictly necessary on sign-up forms vs requiring analytics-tier consent. - [REVIEW] §3 Confirm "Reject non-essential" is the effective default if the user dismisses the banner without choosing — this is now the IMY-aligned position post-2024 enforcement actions.
- [REVIEW] §6 Confirm 30-day prior notice for new categories meets ePrivacy reconsent expectations.
End of draft v1 — 2026-04-22