Cookie Policy
Last updated: 2026-05-15
1. About This Policy
This cookie policy explains what cookies and similar technologies we use on searchpresence.app, why we use them, and how you can control them. It complements our privacy policy and applies to all visitors to our website.
Legal context:
- GDPR (Regulation (EU) 2016/679) governs the processing of any
personal data set or read through cookies.
- The Polish Telecommunications Act (Prawo telekomunikacyjne,
art. 173), implementing the EU ePrivacy Directive 2002/58/EC, requires your consent before we may set non-essential cookies on your device.
We treat both regimes as binding.
2. What Cookies Are
A cookie is a small text file that a website stores on your device to remember information about your visit. "Similar technologies" includes localStorage, sessionStorage, IndexedDB, and pixel tags. Throughout this policy, "cookies" means all of these unless we say otherwise.
Cookies can be:
- First-party — set by us directly.
- Third-party — set by a different domain we have embedded
(for example, Stripe for checkout).
- Session cookies — deleted when you close your browser.
- Persistent cookies — kept across browser sessions until they
expire or are deleted.
3. Categories of Cookies We Use
We group cookies into four categories. The first category is set automatically because the site cannot function without it. The other three are set only after you give consent through our cookie banner.
| Category | Purpose | Legal basis | Set by default? |
|---|---|---|---|
| Strictly necessary | Run the site, route requests, remember your locale, remember your cookie preferences, prevent abuse and rate-limit | Legitimate interest (GDPR Art. 6(1)(f)) and ePrivacy "strictly necessary" exemption | Yes |
| Preferences | Remember non-essential preferences such as a chosen display currency override | Your consent (GDPR Art. 6(1)(a)) | No, only after consent |
| Analytics | Help us understand how the site is used so we can improve it | Your consent (GDPR Art. 6(1)(a)) | No, only after consent |
| Marketing | Measure the performance of marketing campaigns and personalise communications | Your consent (GDPR Art. 6(1)(a)) | No, only after consent |
We do not use cookies for cross-site advertising profiling.
4. Cookies We Set
4.1 Strictly necessary
| Cookie / Storage | Set by | Purpose | Type | Duration |
|---|---|---|---|---|
NEXT_LOCALE | First-party (Next.js / next-intl) | Remembers your selected language (EN / PL). Required for server-side locale routing on every request; the site cannot route correctly without it. | HTTP cookie | 1 year |
sp_cookie_consent | First-party | Records your cookie consent choices so we can apply them on subsequent visits | HTTP cookie | 12 months |
sp_csrf | First-party | Cross-site-request-forgery protection for forms | HTTP cookie | Session |
Vercel platform cookies (e.g. __vercel_live_token) | Vercel (first-party context) | Edge routing and security | HTTP cookie | Session |
__Host-supabase-auth-token (when accounts are introduced) | First-party (Supabase) | Keeps you signed in | HTTP cookie | Per Supabase default; typically up to 1 year, rotated |
| Rate-limit identifier (hashed IP) | First-party (Upstash) | Prevent abuse of preview submissions and waitlist forms | Server-side store, no browser cookie | 24 hours |
4.2 Preferences
| Cookie / Storage | Set by | Purpose | Type | Duration |
|---|---|---|---|---|
sp_currency_override | First-party | Remembers a manual currency choice if you override the country-based default | HTTP cookie | 12 months |
4.3 Analytics
| Cookie / Storage | Set by | Purpose | Type | Duration |
|---|---|---|---|---|
ph_* (PostHog identifiers) | PostHog (EU instance) | Pseudonymised usage analytics: pages viewed, actions taken, conversion funnels | HTTP cookie / localStorage | Up to 12 months |
| Vercel Analytics | First-party (Vercel) | Aggregated web-vitals and pageview metrics | localStorage / first-party request | 24 hours (rolling) |
We have configured PostHog to:
- not record session replays by default
- not capture IP-only profiles beyond what is needed for
aggregated analytics
4.4 Marketing
| Cookie / Storage | Set by | Purpose | Type | Duration |
|---|---|---|---|---|
| (None at launch) | — | We do not run cross-site advertising or remarketing at launch. If we add a marketing pixel later, we will update this policy and ask for consent before setting it. | — | — |
4.5 Cookies set by payment and embedded services
When you reach a checkout or a Stripe-hosted page:
| Cookie / Storage | Set by | Purpose | Duration |
|---|---|---|---|
__stripe_mid, __stripe_sid, m | Stripe | Fraud prevention, session continuity, and 3D-Secure flows. These are classified as strictly necessary for the payment service to function. | Up to 1 year / session |
These are set only when you interact with checkout. Their full description is published by Stripe at https://stripe.com/cookie-settings.
5. Your Choices
5.1 Cookie banner
When you first visit the site you will see a cookie banner. You can:
- Accept all — gives consent to all categories
- Reject all (non-essential) — only strictly necessary cookies
are set
- Manage preferences — choose which categories you consent to,
one by one
Your choice is recorded in the sp_cookie_consent cookie and applied on subsequent visits.
5.2 Changing your mind
You can change your cookie choices at any time using the "Cookie preferences" link in the website footer. Withdrawing consent does not affect the lawfulness of any cookie-based processing carried out before withdrawal.
5.3 Browser controls
You can also block or delete cookies directly in your browser settings. Be aware that blocking strictly necessary cookies may prevent parts of the site from functioning, including the ability to remember your language preference and cookie choices.
Browser-level instructions:
- Chrome: https://support.google.com/chrome/answer/95647
- Firefox: https://support.mozilla.org/kb/cookies
- Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471
- Edge: https://support.microsoft.com/microsoft-edge
6. Do Not Track and Global Privacy Control
Browsers may send a "Do Not Track" header or a Global Privacy Control signal. We treat the Global Privacy Control signal, where received, as an opt-out from non-essential cookies for the visiting browser. We do not currently treat "Do Not Track" as a legally binding signal because its interpretation is not standardised, but we will revisit that as the legal landscape evolves.
7. Third Parties
The third parties named in §4 may process the data set by their cookies as independent data controllers or joint controllers depending on the cookie. For their privacy practices, see:
- Stripe: https://stripe.com/privacy
- PostHog: https://posthog.com/privacy
- Vercel: https://vercel.com/legal/privacy-policy
- Supabase: https://supabase.com/privacy
We have data-processing agreements with these providers where they act as our processor; the privacy policy §5 sets out the sub-processor list and transfer safeguards.
8. Changes to This Cookie Policy
When we add, remove, or materially change a cookie, we will update this policy with a new "Last updated" date and re-prompt for consent where required.
If you have previously consented to a category, adding a new cookie within that category does not require re-consent unless the new cookie materially expands the processing purpose. Adding a new category always requires fresh consent.
9. Contact
For any question about this policy:
- Email: privacy@searchpresence.app
- Postal: Dominik Iwoła, Kabaczkowa 2/2, 52-311 Wrocław, Poland