Cookie Policy

Last updated: September 24, 2025

1) Scope

This Cookie Policy explains how Inveniire uses cookies and similar technologies (e.g., localStorage, sessionStorage, pixels, SDKs) on our website and app (the “Platform”). It should be read together with our Privacy Policy and Terms of Service.

2) What are cookies and similar tech?

• Cookies: small text files stored by your browser to remember your session and preferences.
• Local/session storage: key–value storage in your browser used for tokens and UI state.
• Pixels/Beacons: tiny images or scripts that record events (e.g., delivery, open).
• SDKs: client libraries used by integrated services (e.g., auth, email, maps).

3) How we use them

• Strictly necessary — security, authentication, load balancing, fraud prevention, rate limiting.
• Preferences — language, UI state, last-used filters, remembered choices (e.g., cookie consent).
• Analytics (optional) — to improve reliability and UX; if we enable third-party analytics, we will update this page and the consent banner.
• Marketing (currently off) — we do not set marketing/retargeting cookies in the MVP. If this changes, we will request consent.

4) Representative cookies & storage

Exact names may vary by environment. Examples:

• sb:token, sb:refresh — session/auth (strictly necessary; may be in cookies or storage)
• inveniire_consent — your cookie preferences (preferences)
• inveniire_pref — UI state (preferences)
• inveniire_search_recent — recent searches (preferences)
• __cf_bm or similar (if used by CDN) — bot management (strictly necessary)

5) Third-party services

We integrate third-party providers for hosting, authentication, email delivery, and geolocation (e.g., auth/DB, email transactionals, map tiles). These services may place their own cookies or use local storage according to their policies. Where feasible, we minimize third-party identifiers and avoid marketing pixels.

6) Consent & your choices

• Consent banner: On first visit (and periodically), we display controls (Accept All / Reject Non-essential / Manage). You can adjust at any time in settings or by clearing cookies.
• Granular controls: You can enable/disable non-essential categories. Strictly necessary cookies cannot be disabled because the site won’t function.
• Browser controls: You can block/delete cookies and storage in your browser (instructions vary by browser).
• Global Privacy Control (GPC): If your browser sends a GPC signal, we treat it as an opt-out for sale/share/targeting where legally required.
• Do Not Track (DNT): We honor DNT as a preference to disable non-essential tracking where technically feasible.

7) Retention

• Session cookies: expire when you close the browser.
• Persistent cookies/storage: generally 7–30 days (preferences) or as needed for security/compliance. Consent records may be retained up to 24 months.
• We may retain server-side logs for security and audit as described in our Privacy Policy.

8) Regional notices

• Canada (PIPEDA/CPPA): We use implied consent for strictly necessary cookies and obtain express consent for non-essential categories.
• EEA/UK (GDPR/PECR): We request affirmative consent before setting non-essential cookies and document consent choices.
• US State laws: Where applicable (e.g., CPRA/CPA/CTDPA), we honor opt-out signals for targeted advertising or “sale/share” when/if used.

9) Managing cookies

You can manage cookies via our on-site controls, your browser settings, and device-level advertising preferences. Blocking strictly necessary cookies may break login, payments, or core features.

10) Updates

We may update this Cookie Policy to reflect changes in law, technology, or our practices. We’ll post the new date above and adjust the consent banner if categories change.

11) Contact

Questions about cookies? Email support@inveniire.com.