2. Strictly Necessary Cookies
Strictly necessary cookies are essential for the Kappit platform to function. Without them, the platform cannot operate correctly and you will not be able to log in or use any features. These cookies do not collect personally identifiable information beyond what is required for the platform to work.
| Cookie Name | Purpose | Duration |
|---|---|---|
kappit_session |
Maintains your authenticated session. Without this cookie, you would be logged out on every page load. | Session (expires when browser closes) |
XSRF-TOKEN |
Cross-Site Request Forgery (CSRF) protection token. Prevents malicious websites from submitting forms on your behalf. | 2 hours (refreshed on activity) |
kappit_business |
Stores your currently active business workspace context, allowing the platform to display data for the correct company. | Session |
You cannot opt out of strictly necessary cookies. These cookies are set automatically when you use the platform and are required for it to function. If your browser is configured to block all cookies, you will not be able to access Kappit.
3. Security Cookies
Security cookies support Kappit's security features. They are used to detect and prevent account hijacking, suspicious login patterns, and other security threats. These cookies are set as part of our obligation to protect your personal data under the Kenya Data Protection Act, 2019.
| Cookie / Technology | Purpose | Duration |
|---|---|---|
kappit_session_token |
A unique token used to track your active session in our session management system. Enables the Security dashboard to display your current active sessions and supports remote session termination. | Matches session lifetime |
| Device Fingerprint Storage | Browser properties are used to create a non-identifying device fingerprint stored in session storage. Used to detect when a session is being used from an unrecognised device (a potential account takeover signal). | Session only |
| Login Activity Tracking | Records are kept of your successful and failed login attempts, including IP address and device information, to support the Login History feature and to detect brute-force attacks. | 12 months (stored server-side) |
Security cookies cannot be disabled individually as they are integral to protecting your account. You may, however, review and manage active sessions through the Security → My Sessions section of the platform.
4. Session Cookies
Session cookies are temporary cookies that exist only for the duration of your browser session. They are deleted automatically when you close your browser. Unlike persistent cookies, they are not stored on your device after your session ends.
Kappit uses session cookies to:
- Maintain your logged-in state as you navigate between pages of the application
- Pass information between pages during multi-step workflows (such as form submissions and wizard processes)
- Display flash messages — temporary notifications that appear after an action is completed (such as "Invoice saved successfully")
- Store temporary state during file uploads and form validation processes
Session cookies are erased when you close your browser or log out of the platform. They do not persist between browsing sessions unless your browser is configured to restore sessions on startup.
5. Analytics Cookies
Kappit uses privacy-respecting analytics to understand how the platform is used, which features provide the most value, and where users encounter difficulties. This information is used exclusively to improve the platform and to prioritise the development of new features.
Our analytics approach is designed with privacy as a priority:
- Analytics data is aggregated and does not identify individual users
- We do not use third-party advertising analytics platforms (such as Google Analytics) within the authenticated application
- Usage metrics are collected server-side where possible, reducing the need for client-side tracking cookies
- No analytics data is shared with third parties for advertising purposes
Analytics data collected includes: pages visited and time spent, features used and frequency of use, browser type and device category, errors encountered, and performance metrics. None of this data is linked to your name or email address in its processed form.
6. Preference Cookies
Preference cookies remember your personal settings and customisations within the platform. They allow Kappit to provide a more personalised experience by recalling your choices between sessions.
| Preference Stored | Storage Method | Duration |
|---|---|---|
| Sidebar collapse state (expanded or minimised) | Browser local storage | Until cleared by user |
| Table vs. card view preference | Browser local storage | Until cleared by user |
| Timezone and locale settings | Server-side user profile | Until changed by user |
| Dashboard widget arrangement | Server-side user profile | Until changed by user |
| Recently viewed records | Browser session storage | Session only |
Preference data stored in your user profile is subject to the data retention policy described in our Privacy Policy. You can reset most preferences through your profile settings within the platform.
7. Marketing Cookies (Future)
Kappit does not currently use any marketing or advertising cookies within the authenticated platform. We do not serve advertising to users of the Kappit application, and we do not share user data with advertising networks.
Our public website (kappit.co.ke) may in the future use analytics tools to understand how visitors discover and navigate the site. Any such tools will be disclosed in an update to this Cookie Policy before they are deployed.
If we introduce marketing cookies in the future — for example, for a product newsletter or a remarketing programme — we will:
- Update this Cookie Policy at least 30 days before the cookies are set
- Request your explicit consent before setting any non-essential marketing cookies
- Provide a simple mechanism to withdraw consent at any time
- Not set marketing cookies within the authenticated application without your express opt-in
You will never be required to accept marketing cookies as a condition of accessing the Kappit platform.
8. Cookie Management
You can manage cookies through your web browser settings. Most browsers allow you to:
- View which cookies are currently set on your device
- Delete all cookies or cookies from specific websites
- Block cookies from specific websites
- Block all third-party cookies while allowing first-party cookies
- Configure your browser to notify you when a cookie is being set
Browser Cookie Settings
To manage cookies in the most common browsers:
| Browser | How to Access Cookie Settings |
|---|---|
| Google Chrome | Settings → Privacy and Security → Cookies and other site data |
| Mozilla Firefox | Settings → Privacy & Security → Cookies and Site Data |
| Microsoft Edge | Settings → Cookies and site permissions → Cookies and data stored |
| Safari (Mac) | Preferences → Privacy → Manage Website Data |
| Safari (iOS) | Settings → Safari → Advanced → Website Data |
| Chrome (Android) | Chrome menu → Settings → Site Settings → Cookies |
Important Note
Disabling or blocking cookies will affect your ability to use the Kappit platform. In particular, blocking strictly necessary cookies will prevent you from logging in and using any features of the application. We strongly recommend allowing cookies from kappit.co.ke while blocking or limiting cookies from other sources if you have privacy concerns.
Clearing your browser's cookies and local storage will log you out of the platform and will reset any browser-stored preferences.
© 2026 Kappit. All rights reserved. Registered in Kenya.