savien Legal
Cookie Policy
Information on cookies, local storage and similar technologies.
Last updated: 2026-05-12
savien uses cookies, local storage, session storage and similar technologies to provide the website and application. In Germany, access to information on terminal devices is governed in particular by Section 25 TDDDG.
1. Principle
Technically necessary storage may be used without separate consent where it is strictly necessary to provide the digital service expressly requested by the user. The legal basis for terminal-device access is then Section 25(2) No. 2 TDDDG.
Non-essential storage, in particular for marketing, remarketing, external tracking pixels, heatmaps or comparable analytics purposes, may be used only after valid consent. The legal basis for terminal-device access is then Section 25(1) TDDDG; subsequent personal data processing is governed by the GDPR.
2. Technically Necessary Storage
These storage mechanisms are required for login, security, language, session and core functions.
Examples:
- Supabase Auth cookies and, where applicable, local Supabase session data for login, token renewal and protected dashboard access.
- Cookies or routing information for language and locale detection.
- Security and CSRF/origin-related protection mechanisms.
- Inactivity/session status.
- UI state where required for specific use.
- MFA or verification states where required for the login flow.
3. Functional Storage
Functional storage may support convenience features such as UI preferences, dismissed notices, recent views or filters. Where it is not strictly necessary, it relies on consent, is justified as a necessary convenience feature or can be controlled by opt-out.
Examples:
- Dismissed UI notices in the product area.
- Recently used filters or views.
- Local display settings.
4. Analytics, Performance and Tracking
savien currently contains internal usage analytics for logged-in users as well as Vercel Analytics and Vercel Speed Insights.
- Internal page tracking: stores path and user ID for logged-in users server-side. It serves operations, product improvement and support. Admin and API paths are not tracked. Where there is no terminal-device access, Section 25 TDDDG is not relevant; the privacy assessment is made under GDPR.
- Vercel Analytics / Speed Insights: measures page views and technical performance. The concrete processing in the deployment is documented, including whether cookies or similar terminal-device access occur and whether consent is required.
Marketing tracking, remarketing, external advertising pixels, heatmaps or session replay should not be enabled for the first launch unless a consent banner with documented consent, withdrawal and provider description is implemented.
5. Example Website Table
This table describes the cookies and storage used in the production deployment.
| Name / Pattern | Provider | Purpose | Duration | Category |
|---|---|---|---|---|
| sb-...-auth-token / Supabase Auth cookies | Supabase / savien | Login, session, token renewal | Session or defined auth duration | Necessary |
| sb-...-code-verifier or comparable auth-flow data | Supabase / savien | Verification, magic link, OAuth/auth flows | Short-term | Necessary |
| NEXT_LOCALE or comparable locale storage | savien / next-intl | Language setting and routing | Session to 1 year | Necessary/functional |
| Local UI preference (localStorage) | savien | Dismissed notices, filters, display state | No expiry (until browser data is cleared) | Functional, classification to review |
| Vercel Analytics / Speed Insights | Vercel | Usage and performance analytics | Cookieless – no persistent identifier | Analytics (technically operational) |
6. Go-Live Decision
Recommendation for the first launch:
- Use only technically necessary cookies and storage without consent.
- Finalise privacy documentation for Vercel Analytics, Speed Insights and internal page tracking.
- Do not enable marketing tracking.
- Include cookie/storage information in the Privacy Policy.
- Build a consent banner with withdrawal option before enabling non-essential tools.
- Document a browser check with Chrome, Safari and Firefox and update this table.