Cookie Policy

Effective Date: [INSERT DATE]
Last Updated: [INSERT DATE]

1. Introduction

This Cookie Policy explains how we use cookies and similar technologies when you visit or use our website and services (collectively, the "Service"). This policy should be read together with our Privacy Policy and Terms and Conditions.

For EU Users: This policy complies with the EU ePrivacy Directive (Cookie Directive) and the General Data Protection Regulation (GDPR). We obtain appropriate consent before placing non-essential cookies on your device.

2. What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, or tablet) when you visit a website. They are widely used to make websites work efficiently and provide information to website owners.

2.1 Types of Cookies We Use

We categorize cookies into the following types:

Essential Cookies: Necessary for the basic functionality of our Service
Analytics Cookies: Help us understand how you use our Service (consent required)
Third-Party Cookies: Set by external services we use (subject to their own policies)

3. Essential Cookies (No Consent Required)

These cookies are strictly necessary for the operation of our Service and cannot be disabled. They enable core functionality such as security, authentication, and basic Service operations.

3.1 Authentication and Session Management

Cookie Name	Purpose	Duration	Type
`tp_session`	Maintains your login session and authentication state	Session/Until logout	HTTP-Only, Secure, SameSite=Lax
`tp_magiclink`	Temporary storage for magic link authentication process	10 minutes	HTTP-Only, Secure, SameSite=Lax

Legal Basis: These cookies are necessary for contract performance (Article 6(1)(b) GDPR) and legitimate interests (Article 6(1)(f) GDPR) for security purposes.

3.2 User Interface and Functionality

Cookie Name	Purpose	Duration	Type
`tp_toast`	Stores temporary notification messages (success, error messages)	Until message is displayed	HTTP-Only, Secure, SameSite=Lax

Technical Details:

All essential cookies use secure transmission (HTTPS only in production)
HTTP-Only flag prevents JavaScript access for security
SameSite=Lax setting provides CSRF protection
Encrypted using industry-standard encryption

4. Analytics Cookies (Consent Required)

These cookies help us understand how visitors interact with our Service by collecting and reporting information anonymously. We only place these cookies with your explicit consent.

4.1 Segment Analytics

Purpose: Track user behavior, page views, and feature usage to improve our Service
Data Collected:

Page views and navigation patterns
User interactions with Service features
Anonymous usage statistics
Device and browser information

Legal Basis: Consent (Article 6(1)(a) GDPR)
Data Processor: Segment.io
Data Retention: As per Segment's data retention policies
Third-Party Policy: Segment Privacy Policy

4.2 Google Analytics (When Configured)

Purpose: Website traffic analysis and user behavior insights
Data Collected:

Website traffic statistics
User demographics (when available)
Page performance metrics
Conversion tracking

Legal Basis: Consent (Article 6(1)(a) GDPR)
Data Processor: Google LLC
Data Retention: 26 months (configurable)
Third-Party Policy: Google Privacy Policy

Consent Management: Analytics cookies are only activated when you provide explicit consent through our cookie consent interface or by setting your preference to "accepted" in your browser's local storage.

5. Third-Party Services and Their Cookies

Our Service integrates with third-party services that may set their own cookies. We do not control these cookies, and they are subject to the respective third parties' privacy policies.

5.1 Stripe (Payment Processing)

Purpose: Secure payment processing and fraud prevention
Cookies Set: Stripe sets various cookies for payment security and fraud detection
Legal Basis: Contract performance (Article 6(1)(b) GDPR) and legitimate interests for fraud prevention
Privacy Policy: Stripe Privacy Policy

5.2 Error Monitoring (Sentry)

Purpose: Application error tracking and performance monitoring
Legal Basis: Legitimate interests (Article 6(1)(f) GDPR) for Service improvement
Privacy Policy: Sentry Privacy Policy

5.3 External Fonts and Resources

Google Fonts: We load fonts from Google Fonts, which may set cookies
Privacy Policy: Google Privacy Policy

6. Local Storage and Browser Storage

We also use browser local storage for certain functionality:

6.1 Cookie Consent Management

Storage Key: accept-cookies
Purpose: Remember your cookie consent preferences
Data Stored: "accepted" or absence of key
Duration: Until manually cleared or browser cache is cleared

7. Managing Your Cookie Preferences

7.1 Cookie Consent Interface

We provide a cookie consent interface that allows you to:

Accept or decline analytics cookies
Change your preferences at any time
Understand what each type of cookie does

7.2 Browser Settings

You can control cookies through your browser settings:

Chrome: Settings > Privacy and Security > Cookies and other site data
Firefox: Settings > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Manage Website Data
Edge: Settings > Cookies and site permissions > Cookies and site data

7.3 Opt-Out Links

For specific services, you can opt out directly:

Google Analytics: Google Analytics Opt-out
Segment: Contact us to disable analytics tracking

Important: Disabling essential cookies may affect the functionality of our Service.

8. EU Users' Rights

If you are located in the European Union, you have the following rights regarding cookies and the data they collect:

8.1 Right to Withdraw Consent

You can withdraw your consent for analytics cookies at any time through our cookie settings or by contacting us.

8.2 Right of Access

You can request information about what data has been collected through cookies.

8.3 Right to Erasure

You can request deletion of data collected through cookies, subject to legal retention requirements.

8.4 Right to Data Portability

For certain cookie-collected data, you may request data portability.

9. International Data Transfers

Some of our third-party service providers are located outside the European Economic Area (EEA). We ensure appropriate safeguards are in place:

Segment: Uses Standard Contractual Clauses and has adequate data protection measures
Google: Participates in the EU-US Data Privacy Framework and uses Standard Contractual Clauses
Stripe: Uses Standard Contractual Clauses and has adequate data protection measures

10. Data Security

We implement appropriate technical and organizational measures to protect data collected through cookies:

Encryption of sensitive cookies
Secure transmission (HTTPS)
HTTP-Only flags where appropriate
SameSite attributes for CSRF protection
Regular security audits

11. Children's Privacy

Our Service is not intended for children under 16 years of age (or applicable age of consent in your jurisdiction). We do not knowingly collect personal information from children through cookies.

12. Updates to This Policy

We may update this Cookie Policy periodically to reflect changes in our practices or for legal, operational, or regulatory reasons. We will notify you of material changes by:

Updating the "Last Updated" date
Displaying a notice on our Service
Sending email notifications (where required by law)

For EU Users: We will provide advance notice of material changes that affect your rights and obtain fresh consent where required.

13. Legal Compliance

This Cookie Policy complies with:

EU General Data Protection Regulation (GDPR)
EU ePrivacy Directive (Cookie Directive)
UK Data Protection Act 2018 and UK GDPR (where applicable)
California Consumer Privacy Act (CCPA) (where applicable)

14. Contact Information

If you have questions about this Cookie Policy or wish to exercise your rights, please contact us:

Email: [INSERT EMAIL]
Address: [INSERT ADDRESS]
Phone: [INSERT PHONE]

EU Representative (if applicable): [INSERT EU REPRESENTATIVE DETAILS]
Data Protection Officer: [INSERT DPO CONTACT] (if required under GDPR)

14.1 Supervisory Authority

EU users have the right to lodge a complaint with their local data protection supervisory authority if they believe their rights have been violated.

15. Definitions

Cookie: A small piece of data sent from a website and stored on your device
Essential Cookies: Cookies necessary for the website to function properly
Session Cookie: Temporary cookie deleted when you close your browser
Persistent Cookie: Cookie that remains on your device for a set period
First-Party Cookie: Cookie set by the website you're visiting
Third-Party Cookie: Cookie set by a domain other than the one you're visiting

IMPORTANT LEGAL NOTICE: This Cookie Policy is designed for EU compliance and should be reviewed by a qualified attorney familiar with applicable privacy laws before implementation. Cookie laws and regulations vary by jurisdiction and continue to evolve. Regular legal review and updates may be required to maintain compliance.

By continuing to use our Service, you acknowledge that you have read and understood this Cookie Policy and agree to our use of cookies as described herein.