🎵🎶🎵🎶Ciripi
ciripi
Context Related Post

Legal

Cookie Policy

Last updated: [PLACEHOLDER: EFFECTIVE DATE]

This page is currently available in English only.

1. What this policy covers

This policy explains every form of browser-side storage that Ciripi uses or causes to be used. It covers traditional HTTP cookies and, because Ciripi is a Progressive Web App (PWA), several additional storage mechanisms:

  • localStorage — persistent key/value storage in your browser; survives page reloads and browser restarts until cleared.
  • sessionStorage — key/value storage cleared when you close the browser tab.
  • Cache Storage — a service-worker-managed cache for network responses (used to enable offline capability and fast loading).

None of these technologies are used for advertising, cross-site tracking, or profiling.

This policy should be read alongside our Privacy Policy for the full picture of how your personal data is processed.

2. A note on HTTP cookies vs. localStorage

Unlike many websites, Ciripi’s authentication does not use traditional HTTP cookies that are sent automatically with every request. Instead, our authentication library (Supabase GoTrueClient) stores your session tokens in localStorage under the key sb-[project-ref]-auth-token. This is a deliberate design decision by Supabase to avoid CSRF exposure. The practical effect for you is the same — you stay logged in across page reloads — but the mechanism is different from a traditional session cookie.

The ePrivacy Directive (Directive 2002/58/EC, as amended) and its Romanian implementing rules apply to all technologies that store or access information on your device, including localStorage. We treat all browser storage with the same consent obligations as cookies.

3. Strictly-necessary storage

These entries are essential for the Service to function. They are set before and regardless of your cookie-consent choice and cannot be disabled without breaking the Service.

Strictly necessaryAlways active — cannot be disabled
  • sb-[project-ref]-auth-tokenlocalStorage

    Set by Supabase GoTrueClient to persist your authentication session (JWT access token and refresh token). Without this entry you would be logged out on every page navigation. Cleared when you sign out. Duration: access token expires after ~1 hour (refreshed automatically); refresh token expires after approximately 7 days of inactivity.

  • ciripi_consentlocalStorage

    Stores your cookie-consent choice ('all' or 'essential') so the consent banner does not reappear on subsequent visits. Contains no personal data beyond your preference. Duration: persistent (no expiry); cleared if you clear your browser’s site data.

  • ciripi-splash-shownsessionStorage

    Tracks whether the app splash screen has been displayed in the current browser session, so it is shown only once per tab visit and not on every page navigation. Contains no personal data. Duration: session-only; cleared automatically when you close the tab.

4. Performance and functional storage

These entries are only activated when you choose Accept all in the cookie-consent banner. They improve performance and enable offline use but are not required for core functionality.

Performance / functionalOnly active after “Accept all”
  • ciripi_c_* (prefix)localStorage

    A set of time-limited cache entries prefixed with ciripi_c_ that store recently fetched feed posts, profile data, and group information. This enables faster page loads and limited offline reading of content you have already viewed. Each entry carries an expiry timestamp; stale entries are removed automatically. This data never leaves your device. Duration: TTL-based per entry; all entries are cleared when you sign out.

5. Service-worker caches (PWA)

When you install Ciripi as a Progressive Web App, or when you visit the site in a supported browser, a service worker is registered that manages a set of Cache Storage caches. These caches enable the app to load instantly and work offline. They are managed by Workbox (via @ducanh2912/next-pwa) and are cleared when you uninstall the PWA or when we deploy a new app version.

Static asset cache (Workbox precache)Cache Storage

JavaScript bundles, CSS, and static images are precached with content-hashed filenames. Contains no personal data. Strategy: CacheFirst. Cleared on app update or PWA uninstall.

supabase-apiCache Storage

Caches responses from Supabase REST API and Supabase Storage (including user profile images and post media). These responses may contain personal data (profile photos, post content) that was fetched with your authorisation. The cache is keyed by URL and may contain your data as well as other users’ public content. Strategy: NetworkFirst with a 5-second timeout; max 100 entries; max age 24 hours.

dicebear-avatarsCache Storage

Caches SVG avatar images fetched from api.dicebear.com. Cache keys include the user UUID used as an avatar seed. Contains pseudonymous identifiers but no directly personally identifiable information. Strategy: CacheFirst; max 200 entries; max age 30 days.

6. What we do not use storage for

  • Advertising or retargeting — Ciripi serves no advertisements and has no advertising-tech integrations.
  • Cross-site tracking — we have no third-party tracking pixels, fingerprinting scripts, or analytics services that track you across other websites.
  • Selling or sharing for commercial profiling — we never sell browser-storage data or share it with data brokers.
  • Social-media widgets — Ciripi embeds no external social-media share buttons or comment widgets that could set third-party cookies.

7. How consent is obtained and recorded

7.1 The consent banner

On your first visit to Ciripi (or after you clear your browser data), a consent banner slides up from the bottom of the screen. It presents two choices:

  • Essential only — limits storage to the strictly-necessary entries in §3. The performance cache (§4) is not activated.
  • Accept all — activates the performance-cache entries in §4 in addition to strictly-necessary storage.

Your choice is stored in the ciripi_consent localStorage key. The banner does not reappear until you clear your browser’s site data.

7.2 No pre-ticked boxes

The performance cache is inactive until you actively select “Accept all”. No non-essential storage is activated by default or by inaction (scrolling, browsing). This is compliant with the ePrivacy Directive requirement for prior, informed consent.

7.3 Withdrawing consent

You can withdraw your consent at any time by clearing your browser’s site data for ciripi.com (browser Developer Tools → Application → Storage → Clear site data, or equivalent). This will remove all localStorage and Cache Storage entries and will reset the consent preference. The banner will reappear on your next visit. Note that clearing site data will also sign you out.

8. Browser-level storage controls

You can manage or delete browser storage independently of the consent banner:

  • Chrome — Settings › Privacy and security › Cookies and other site data › See all site data and permissions
  • Firefox — Settings › Privacy & Security › Cookies and Site Data › Manage Data
  • Safari — Settings › Privacy › Manage Website Data
  • Edge — Settings › Cookies and site permissions › Manage and delete cookies and site data

Deleting or blocking the sb-[project-ref]-auth-token localStorage entry will sign you out. All other entries can be deleted without affecting your ability to use the Service, though you may experience slower page loads and will see the consent banner again.

9. What happens when you sign out

Signing out of Ciripi clears:

  • The Supabase auth-token localStorage entry
  • All ciripi_c_* feed-cache entries

The ciripi_consent preference entry is not cleared on sign-out, so you will not see the consent banner again until you explicitly clear your browser data. Service worker Cache Storage entries are also retained after sign-out, as they contain only public content and static assets.

10. Changes to this policy

We will update this policy whenever we add, change, or remove browser-storage entries. For material changes — for example, introducing a new non-essential storage category — we will notify you by email and/or in-app notice at least 30 days before the change takes effect and re-present the consent banner. We will update the “Last updated” date above for all changes.

11. Contact

Questions about our use of browser storage? Email privacy@ciripi.com.