Cookie-Richtlinie

Cookie Policy

Last updated: 2026-05-04

This Cookie Policy explains how Supaplan uses cookies on its website only. The Supaplan mobile app does not use browser cookies.

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website.

2. Cookies We Currently Use

The Supaplan website sets two categories of cookies:

  1. Strictly necessary — required for the website to function (no prior consent needed under the e-Privacy Directive Article 5(3) and GDPR Recital 47).
  2. Analytics + support chat (marketing pages only) — Google Analytics (GA4) and Tidio live-chat scripts run on the public marketing site to measure aggregate traffic and offer in-page support; both set their own cookies. They are not loaded on the authenticated calendar app (/cal/*), the public booking pages (/book/*), the shared-event pages (/shared/*), or under /cal/admin/. We are working on a cookie consent banner so you can affirmatively accept or reject these cookies before they are set; until then, you can prevent them by using your browser's tracking-protection settings or the per-vendor opt-outs in §5.

| Category | Purpose | Cookie names | Set by | |----------|---------|--------------|--------| | Authentication | Maintain your signed-in session and refresh access tokens | sb-* (Supabase SSR) | Supabase Auth via the Supaplan web app | | Preferences | Remember the locale you selected for marketing pages | NEXT_LOCALE (or equivalent set by next-intl) | Supaplan web app | | Analytics (marketing pages only) | Measure page views and aggregate site usage on the public marketing site | _ga, _ga_*, _gid | Google Analytics (GA4) via www.googletagmanager.com | | Support chat (marketing pages only) | Tidio live-chat session and visitor identification | Tidio chat session cookies (set by code.tidio.co) | Tidio via src/components/general/TidioChat.tsx |

Authentication cookies are set with HttpOnly, Secure, and SameSite attributes. They are removed when you sign out or when the session expires.

Google Analytics cookies are set by first-party JavaScript loaded from www.googletagmanager.com. Analytics data is processed by Google LLC under their Privacy Policy. You can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by managing cookies in your browser settings (see §5).

Cookie consent (work in progress): A consent banner is on the follow-up backlog (tracked as OP-W-14). Until shipped, the analytics and support-chat cookies above load by default on the marketing site under a legitimate-interest basis. EU/UK visitors who want to block them can do so via browser settings (see §5) or via the privacy-policy contact. We do not place these scripts on authenticated /cal/* traffic.

3. Product Analytics (Browser Storage, Not Cookies)

When you are signed in to the Supaplan calendar app (/cal/*), we load Mixpanel to understand how the product is used. Mixpanel is configured to use localStorage for its identifiers — it does not set cookies — so this section is informational rather than a cookie disclosure.

| Tool | Purpose | Storage | Set by | |------|---------|---------|--------| | Mixpanel | Product analytics on the authenticated calendar app (/cal/*) — page views, onboarding events | localStorage (no cookies) | Mixpanel via the Supaplan web app, EU residency (api-eu.mixpanel.com) |

Mixpanel is not loaded on the marketing website, public booking pages (/book/*, /shared/*), or pre-authentication screens (/cal/auth*). It only initialises after you sign in.

You can clear Mixpanel's localStorage entries at any time via your browser settings, or by signing out (which calls mixpanel.reset()).

4. Cookies We Do Not Use

We currently do not set:

  • Advertising or remarketing cookies.
  • Cross-site tracking pixels beyond what Google Analytics / Tidio set on their own domains.

If we add cookies in any of these categories in the future, we will update this policy.

5. Managing Cookies

You can manage cookies via your browser settings (clear, block, or limit cookies for specific sites).

  • Authentication cookies — blocking these will sign you out and prevent access to the authenticated areas of the website.
  • Analytics cookies — you can opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or by deleting and blocking the _ga* and _gid cookies in your browser settings. Opting out does not affect site functionality.

6. Changes to This Policy

We may update this Cookie Policy from time to time. The latest version is always published on our website with an updated "Last updated" date.

7. Contact

📧 [email protected]