Cookie Policy

1. What is a cookie?

A cookie is a small text file that a website stores on your device. Cookies allow a site to remember who you are, keep you signed in, remember preferences, or measure how the site is used. We also use similar technologies such as localStorage and the browser session storage, which work the same way for the purpose of this policy.

2. The cookies we use

Strictly necessary

These cookies are required for the Service to function and cannot be turned off. They do not need consent under EU law.

• Session and authentication (Supabase): keep you signed in to your account.
• CSRF protection: prevent cross-site request forgery on form submissions.
• Locale and theme preference: remember the language and theme you selected.
• Stripe: required during checkout to process payments and prevent fraud.

Functional

Improve the experience but not strictly required. They are set only after you continue to use a feature that needs them.

• Recently viewed studios: remember which businesses you opened so we can surface them faster.
• Onboarding state: remember which steps of the dashboard onboarding you finished.

Analytics (consent required)

Help us understand how the Service is used so we can improve it. We only set them after you accept analytics in the cookie banner. You can change your choice at any time.

Marketing

We do not currently set advertising or third-party tracking cookies. If that ever changes, we will update this page and ask for your consent first.

3. Third-party cookies

Some pages embed content from partners that may set their own cookies, including:

• Stripe on payment pages (stripe.com/cookies-policy).
• Google Maps on studio detail pages (policies.google.com/technologies/cookies).
• Google sign-inwhen you choose “Continue with Google”.

4. Managing your cookies

You can control cookies in three ways:

1. The cookie banner shown on your first visit.
2. Your account preferences (signed-in users, under Settings > Privacy).
3. Your browser settings. All major browsers let you block, delete, or limit cookies. Blocking strictly necessary cookies will break parts of the Service, in particular the ability to sign in.

5. Do Not Track

We respect the Global Privacy Control signal and treat it as an opt-out from analytics and marketing cookies. We do not currently respond to the older Do Not Track header because it has been deprecated by browsers.

6. Changes

We update this page when the cookies we use change. The “Last updated” date at the top tells you when the current version took effect.

7. References

• Regulation (EU) 2016/679 (GDPR), Articles 6 and 7.
• Directive 2002/58/EC (ePrivacy Directive), as amended by Directive 2009/136/EC, transposed in Luxembourg by the law of 30 May 2005.
• European Data Protection Board, Guidelines 03/2022 on deceptive design patterns and consent.
• CNPD guidance on cookies and trackers, cnpd.public.lu.

8. Contact

Questions about cookies: privacy@bookify.lu.