SlovoHub
Sign in

Draft - not yet legally effective

This document is a working draft and has not been reviewed by counsel. It does not yet have legal effect; it is published for transparency about the policies we are preparing for launch.

SlovoHub Cookie Policy

DRAFT - NOT YET LEGALLY REVIEWED. This document is a working draft. Do not publish on slovohub.com until reviewed by a qualified Bulgarian/EU lawyer. The cookie inventory below MUST be reconciled against what the production site actually sets before publication.

Version0.3 (draft)
Last updated2026-05-13
Effective datenot yet effective - pending entity registration and legal review

1. What this policy covers

This Cookie Policy explains how SlovoHub uses cookies and similar technologies (such as localStorage, sessionStorage, and the IndexedDB used by the Progressive Web App) when you visit slovohub.com or use the SlovoHub web app.

It supplements our Privacy Policy. Read that first for the full picture of how we handle personal data.

2. What is a cookie?

A cookie is a small text file that a website stores on your device when you visit it. Cookies allow the website to remember things about you, like whether you are signed in or what language you prefer.

Similar technologies include localStorage and sessionStorage (which let a website store information in your browser without using cookies), and IndexedDB (which lets a Progressive Web App store larger amounts of data for offline use). For brevity, we refer to all of these as "cookies" in this policy.

3. The cookies we use

We use only the cookies and similar technologies listed below.

3.1 Strictly necessary

These cookies are required for the Service to function. They are set without your consent because the Service cannot operate without them.

NamePhasePurposeTypeLifetime
NEXT_LOCALEActive (Phase 0)Remembers your language preference (EN or BG) so the page renders in the right language on return visits.First-party HTTP cookie12 months
sb-access-token, sb-refresh-tokenActive (Phase 1)Supabase Auth session cookies. Keep you signed in across page loads and rotate the refresh token. Set only after you sign in.First-party HTTP-only cookiesSession (access) and 30 days (refresh)
consent_v1Active (Phase 1)Records your cookie consent choices ({ essential, analytics, timestamp }) so we don't ask again. Replaces the previously-listed slovohub_consent.First-party HTTP-only cookie12 months
consent_sessionActive (Phase 1)Anonymous session identifier set alongside consent_v1 for visitors who are not signed in, so the audit log can demonstrate consent for the same browser session (GDPR Art. 7(1)).First-party HTTP-only cookie12 months
patreon_oauth_statePlanned - Phase 1 (Patreon OAuth)OAuth CSRF state token; prevents cross-site request forgery during the Patreon sign-in round trip.First-party HTTP-only cookie10 minutes
PWA cache (localStorage + IndexedDB)Planned - Phase 1 (offline shelves)Stores assets and your own Shelf data for offline access.First-party browser storageUntil you clear browser data, sign out, or uninstall the PWA

3.2 Analytics

We use Plausible Analytics (operated by Plausible Insights OÜ, hosted in the EU) to understand how the Service is used in aggregate.

Plausible is cookieless: it does not set any cookie on your device, does not assign you a persistent identifier, and does not track you across other websites. The visit counts and page-view aggregates we see are derived from a per-day hash that cannot be linked back to you. Because Plausible meets these criteria, the French CNIL's deliberation of 27 March 2020 (and EDPB guidance to similar effect) treats it as exempt from the ePrivacy consent requirement, so we run it without a cookie banner.

ProviderPurposeCountryCookies setLifetime
Plausible Insights OÜAggregate, privacy-respecting product analytics. We do not track individual users across sites or sessions in a way that identifies you.EUNoneN/A (cookieless)

We do not use Google Analytics, Facebook Pixel, Hotjar, or any other US-based or behavioural-tracking analytics tool.

3.3 We do not use

  • Advertising or retargeting cookies. SlovoHub does not show ads.
  • Social media tracking pixels.
  • Cross-site tracking cookies.

4. Your consent

Phase 0 (waitlist - historical). Only NEXT_LOCALE was set, and our analytics provider (§3.2) is cookieless and does not require consent under the ePrivacy Directive. There was no cookie banner during Phase 0 - we had nothing to ask consent for.

Phase 1 (accounts launch - current). With accounts shipping, additional strictly necessary cookies (sb-access-token, sb-refresh-token, consent_v1, consent_session, patreon_oauth_state) start being set. On your first visit you will see a cookie banner that blocks page interaction until you make a choice (per the EU Data Protection Board's guidance that "continued browsing = consent" is no longer compliant). You can:

  • Accept all - we record your acceptance in consent_v1 (analytics: true). We currently set no additional cookies beyond §3.1 even when you accept all, because Plausible remains cookieless; the analytics: true flag merely turns on the (cookieless) Plausible script.
  • Reject non-essential - we record consent_v1 (analytics: false) and do NOT load the Plausible script at all.
  • Save preferences - the same as the other two buttons but using the granular Analytics toggle you set on the banner.

Strictly necessary cookies (§3.1) will continue to be set regardless of your choice, because the Service cannot work without them. You can change your preferences at any time by clicking "Cookie preferences" in the footer of any page; the banner re-opens with your current choices pre-selected.

We keep an audit row in our database for every consent decision (the choice, an SHA-256 hash of your IP, your user agent, and a timestamp) so that we can demonstrate consent if asked, as required by GDPR Article 7(1). The audit row is never shared with third parties.

5. Managing cookies in your browser

You can also manage cookies directly in your browser. Each browser is different; here are links to the main ones:

If you block strictly necessary cookies, parts of the Service (sign-in, secure form submission) will not work.

6. Do Not Track

Some browsers send a "Do Not Track" signal. There is no industry consensus on how websites should respond to this signal, and we currently do not respond to it specifically. Our cookie consent banner gives you direct, granular control instead.

7. Children

We do not knowingly target children under 16 (see §12 of the Privacy Policy). The cookies we use are not designed for or aimed at children.

8. Changes to this policy

We may update this Cookie Policy when we change the cookies we use, change provider, or in response to legal developments. We will update the version and date at the top of this page. Material changes (for example, adding a new analytics provider or cookie category) will be reflected in the cookie banner so you can review and re-consent.

9. Contact

For any question about this Cookie Policy:

privacy@slovohub.com

Changes to this policy

  • 0.3 (2026-05-13) - Phase 1 accounts launch: added sb-access-token, sb-refresh-token, consent_v1, consent_session, patreon_oauth_state to §3.1; replaced the placeholder slovohub_consent row with the real consent_v1 cookie. §4 split into Phase 0 (historical, no banner) vs Phase 1 (current, banner blocks interaction; audit row per Art. 7(1)).
  • 0.2 (2026-05-11) - Cookie inventory split into "Active (Phase 0)" vs "Planned" rows so disclosure reflects what is actually set today. §3.2 names Plausible as the analytics provider and documents why it runs without a banner. §4 split into Phase 0 (no banner) vs Phase 1 (banner) sections.
  • 0.1 (2026-05-09) - Initial draft.