Last reviewed 2026-05-06
Cookie Policy
We use cookies and similar storage technologies (local storage, session storage) to run ecgtready.eu. This page explains what we set, why, and how you can change your choice.
1. Categories
- Strictly necessary - required for the site to work, e.g. signing you in or remembering your consent choice. No consent needed under ePrivacy Directive Art. 5(3).
- Functional - improve the experience (language, theme).
- Analytics - measure usage in aggregate to improve the product.
- Marketing - we currently do not use any marketing or advertising cookies.
2. Cookies we set
The following cookies are placed on your device when you visit ecgtready.eu. This inventory was last verified on 2026-05-12 and is reviewed each time the site is updated.
- sb-access-token / sb-refresh-token (Supabase auth). Strictly necessary. Purpose: keep you signed in. Duration: session for access token, 7 days for refresh token. First-party.
- ecoverify_consent. Strictly necessary. Purpose: remember your Accept or Reject choice on the cookie banner. Duration: 12 months from the date you make your choice. After expiry the banner is shown again so you can confirm or change your preference. First-party.
- NEXT_LOCALE. Strictly necessary for the site to serve you content in your selected language. Purpose: remember your language choice. Duration: 12 months. First-party. This cookie is required for routing and is set before the banner appears.
- theme. Functional. Purpose: remember dark or light mode. Duration: 12 months. First-party. Only written when you actively change the theme.
We do not run third-party analytics or advertising trackers today and no marketing or advertising cookies are set. If we add an analytics product (for example Plausible or PostHog EU), we will list it here and ask for prior consent before it loads.
| Name | Category | Purpose | Duration | Party |
|---|---|---|---|---|
| sb-* (Supabase auth) | Strictly necessary | Keep you signed in | Session + 7 days | First-party |
| ecoverify_consent | Strictly necessary | Remember your cookie choice | 12 months | First-party |
| NEXT_LOCALE | Strictly necessary | Serve content in your language | 12 months | First-party |
| theme | Functional | Remember dark or light mode | 12 months | First-party |
3. Consent before non-necessary cookies
Functional cookies that are not strictly necessary (for example the theme cookie) are written only after you actively make a choice in the relevant control. If you click Reject on the cookie banner, or close the banner without choosing, only strictly necessary cookies are placed. This prior consent approach applies to every category outside the strictly necessary group, and it applies on every visit until your stored choice expires after 12 months. You can revoke your choice at any time using the Cookie preferences link in the footer of any page.
4. Local and session storage
In addition to cookies, ecgtready.eu uses the browser local storage and session storage APIs. Session storage holds temporary UI state such as the current step in a multi step form and is erased when you close the tab. Local storage holds a small set of preferences (for example the most recent dashboard view) that are strictly necessary for the page you opened. We do not use local or session storage for analytics, tracking, or advertising.
5. Your choice
On first visit you see a banner with two equally prominent buttons: Accept and Reject. Reject is as easy as Accept and is the same single click. You can change your mind at any time from the cookie preferences link in the footer.
6. Consent log
When you make a cookie choice we record the UTC timestamp, your choice (Accept or Reject), and a generalised device class derived from your browser User Agent string (for example desktop browser or mobile browser). We do not store the raw User Agent string and we do not log a raw IP address with the consent record. Consent records are retained for 24 months so we can demonstrate compliance to the CNPD if asked, then deleted. The legal basis for this processing is our legitimate interest in demonstrating consent under GDPR Art. 7(1).
7. Full privacy information
This Cookie Policy covers only cookies and similar storage technologies. For the full Art. 13 disclosure (controller identity, retention schedule for every category of personal data, your rights of access, rectification, erasure, and objection, and how to exercise them), please read our Privacy Policy.
8. Browser settings
You can also delete or block cookies in your browser. Note that blocking strictly necessary cookies may break sign in.
9. Authority
The competent authority in Luxembourg is the Commission Nationale pour la Protection des Donnees (CNPD), cnpd.lu.
All legal pages
- Imprint
- Privacy
- Cookies
- Terms
- Disclaimer
- DPA
- Acceptable Use
- SLA
- Security
- Subprocessors
- Methodology
- Accessibility
- Refunds
- Data subject requests
- AI Act notice
- Intellectual property
- Communications
- Supply chain
- Speak up
- Our own claims
- Ethics
Questions about this page? contact@ecgtready.eu