Cookie Policy — SparLink
Last updated: April 21, 2026 Version: 1.0
⚠️ Draft pending legal review.
1. What cookies are
Cookies are small text files that the websites you visit save on your device to store information (e.g., keeping you authenticated, remembering preferences). In addition to cookies, similar technologies exist — localStorage, sessionStorage, JWT tokens — that work in an analogous way and are treated equivalently by this policy and by European law.
This policy is provided under Art. 122 of the Italian Privacy Code (Legislative Decree 196/2003, as amended by Legislative Decree 101/2018), the Guidelines of the Italian Data Protection Authority of 10/06/2021 on cookies, and Art. 5(3) of the ePrivacy Directive 2002/58/EC.
2. Cookies used by SparLink
2.1 Technical cookies — consent NOT required
Necessary for the operation of the Service. Their installation does not require consent under Art. 122 para. 1 of the Italian Privacy Code.
| Name | Purpose | Duration | Type |
|---|---|---|---|
sparlink_session | Keep the authenticated session | Session / 7 days | First-party |
csrf_token | Protection against Cross-Site Request Forgery attacks | Session | First-party |
auth_jwt (localStorage) | JWT authentication token for API calls | 7 days | First-party |
preferences (localStorage) | Store UI preferences (e.g., theme, language) | Persistent until deletion | First-party |
2.2 Anonymous analytics cookies — case-by-case assessment
We use Vercel Analytics to measure use of the Service in aggregate, anonymous form (page views, time on page, country-level geography). Vercel Analytics:
- does not use persistent third-party cookies;
- does not perform browser fingerprinting;
- does not collect identifying data about the user;
- anonymizes IP addresses.
Under the guidance of the Italian Data Protection Authority (2021 Cookie Guidelines), analytics tools that meet all of these conditions may be treated as technical cookies and not require prior consent. If the Vercel Analytics configuration changes (e.g., advanced analytics or integrations with marketing tools are enabled), this policy will be updated and consent will be requested via a cookie banner.
⚠️ If in the future the Provider integrates tools such as Google Analytics, Meta Pixel, Hotjar, Mixpanel, Amplitude, or similar, these would be classified as profiling/marketing cookies and would require prior, explicit consent via a Consent Management Platform (CMP).
2.3 Profiling / marketing cookies — currently not used
SparLink does not currently use marketing or advertising-profiling cookies. We do not use Google Ads, Meta Ads, retargeting, nor do we share data with advertising networks.
If such tools are introduced in the future, a compliant Consent Management Platform (CMP) will be implemented with a first-visit banner allowing users to accept, reject, or customize preferences, as required by the GDPR and the Italian Data Protection Authority's Guidelines.
3. Third-party cookies
Some Service features rely on external providers that may set their own technical cookies when loaded:
| Provider | Context | Type | Privacy details |
|---|---|---|---|
| Stripe | Only during subscription checkout | Technical + anti-fraud (Stripe Radar) | https://stripe.com/privacy |
| Supabase | Profile photo storage (CDN) | Technical | https://supabase.com/privacy |
| Vercel | Application hosting | Technical | https://vercel.com/legal/privacy-policy |
Third-party scripts are loaded only when necessary (e.g., Stripe only on the checkout page). For data processing by these providers, please consult their respective policies.
4. How to manage cookies
4.1 From your browser settings
You can manage or disable cookies from your browser settings. Instructions:
- Chrome: https://support.google.com/chrome/answer/95647
- Firefox: https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences
- Safari: https://support.apple.com/guide/safari/manage-cookies-sfri11471/
- Edge: https://support.microsoft.com/en-us/windows/delete-and-manage-cookies
⚠️ Disabling technical cookies may cause some SparLink features (login, session, security) to stop working correctly.
4.2 From the cookie banner (when active)
If in the future we introduce cookies that require consent, you will be able to manage your preferences from the cookie banner shown on first visit, and reopen the banner at any time from the site footer ("Manage cookie preferences").
4.3 Withdrawing consent
Should you in the future have given consent to marketing/profiling cookies, you will be able to withdraw it at any time with one click, from the same tool (CMP) through which you gave consent — without affecting the lawfulness of prior processing.
5. Data controller and contacts
- Controller: SparLink
- Registered office: [to be defined]
- Privacy email:
privacy@sparlink.app
For further details on the processing of personal data, see the Privacy Policy.
6. Changes to this policy
We will update this policy when new tools that use cookies or equivalent technologies are introduced. The current version is always available at {{COOKIE_URL}}. The date of last update is shown at the top of the document.
Document version 1.0 — April 21, 2026