This policy requires legal counsel review before production launch.
The current version is a best-practices draft based on what the Fotiqo platform actually sets. Final wording is subject to review by qualified legal counsel.
Cookie Policy
Last updated: 2026-04-20
What are cookies?
Cookies are small text files stored on your device when you visit a website. We also use similar technologies such as localStorage, sessionStorage, and (on the kiosk surface) IndexedDB. For simplicity, “cookies” in this policy covers all of them.
Categories we use
We group cookies into four categories. Only the strictly necessary category runs without your consent; everything else is opt-in via the cookie banner or the preferences control in the site footer.
1. Strictly necessary
These cookies make the site work. Without them you can't sign in, place an order, or use basic site features. You cannot disable them through our banner, but your browser still lets you block them (see “How to disable cookies” below).
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| next-auth.session-token | Fotiqo (first-party) | Keeps you signed in to your Fotiqo account. | Session (30 days rolling) |
| next-auth.csrf-token | Fotiqo (first-party) | Protects sign-in forms against cross-site request forgery (CSRF). | Session |
| next-auth.callback-url | Fotiqo (first-party) | Remembers the page you were on before signing in so we can return you to it. | Session |
| fotiqo-cookie-consent | Fotiqo (first-party) | Stores your cookie preferences so the banner doesn't reappear on every page. | 12 months |
| fotiqo-kiosk-device-token | Fotiqo (first-party, kiosk only) | Identifies a physical kiosk terminal so its branding + offline cache load correctly. Not personal data. | Persistent (until kiosk is reset) |
2. Performance & analytics
Anonymous, aggregated measurement of how the site is used. Helps us find broken pages and decide what to build next. Disabled until you opt in.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| _pk_* / (no cookie by default) | Plausible Analytics (EU, first-party when self-hosted) | Counts anonymous pageviews and custom events to help us improve the product. Plausible does not use cookies in its default configuration and never fingerprints visitors. | N/A (cookieless) |
| _clck, _clsk, CLID, ANONCHK, SM, MR | Microsoft Clarity (third-party — loaded only on the public homepage, and only with your consent) | Aggregates heatmaps and session replays so we can see where the homepage is confusing. IP and other identifiers are masked by Clarity. | 1 day – 1 year (varies by cookie) |
3. Functional
Remember preferences (language, theme) and keep secure checkout sessions alive. Most functional cookies load only when you use the feature that needs them (e.g. Stripe cookies appear only on checkout pages).
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| NEXT_LOCALE | Fotiqo (first-party) | Remembers your preferred language. | 12 months |
| fotiqo-theme | Fotiqo (first-party) | Remembers your light/dark theme preference. | 12 months |
| __stripe_mid, __stripe_sid | Stripe, Inc. (third-party — loaded only on checkout + kiosk payment surfaces) | Fraud prevention and payment session continuity. Required to accept card payments securely. | 30 minutes – 1 year |
4. Marketing
Advertising trackers and retargeting pixels. Disabled until you opt in.
Not currently used. If Fotiqo adds cookies to this category in future, we will ask for your consent before they are set.
How to manage or disable cookies
- Via our cookie banner. Click “Customize” in the banner that appears on your first visit, or re-open it at any time from the “Cookie preferences” link in the site footer. You can change your mind whenever you like.
- Via your browser. Every modern browser lets you block or delete cookies. See Chrome, Firefox, Safari, or Edge. Note that blocking strictly necessary cookies will break sign-in and checkout.
- Via third-party opt-outs. For Microsoft Clarity, visit Microsoft's privacy controls.
Do Not Track
Fotiqo honours the “Global Privacy Control” signal (Sec-GPC: 1) the same way it honours a “reject all” on the banner: analytics and marketing categories stay off.
Changes to this policy
When we add, remove, or substantially change a cookie we will update the table above and bump the “Last updated” date. Material changes also re-prompt the consent banner.
Contact
Questions about this policy? Email privacy@fotiqo.com. See also our Privacy Policy and GDPR rights page.
Last updated: 2026-04-20 · Best-practices drafts — pending legal counsel review