Cookie Policy
Last updated:
1. What Are Cookies?
Cookies are small text files that are placed on your device (computer, tablet, smartphone) when you visit a website. They are widely used to make websites work more efficiently and provide information to website owners.
Similar technologies include local storage, session storage, and other browser-based storage mechanisms. In this policy, we use "cookies" to refer to all such technologies.
2. Our Privacy-First Approach
At Carouselr, we are committed to respecting your privacy. We follow a minimal cookie approach:
- We use only essential cookies necessary for the Service to function
- We use privacy-focused analytics that do not require cookies (Plausible Analytics)
- We do not use third-party advertising or tracking cookies
- We do not sell or share your data with advertisers
3. Types of Cookies We Use
3.1 Essential Cookies (Strictly Necessary)
These cookies are necessary for the Service to function and cannot be disabled:
| Cookie Name | Purpose | Duration |
|---|---|---|
| better-auth.session_token | Signed session token that maintains your logged-in session | 30 days or until logout |
| better-auth.session_data | Optional cached session data for improved performance | 5 minutes (configurable) |
| better-auth.dont_remember | Flag indicating when "remember me" is disabled | Session |
Legal Basis: These cookies are necessary for contract performance (providing the Service you requested) and do not require consent under GDPR. CSRF (Cross-Site Request Forgery) protection is implemented using non-simple HTTP headers and Content-Type validation rather than cookies, providing security without additional tracking.
3.2 Functionality Cookies
These cookies remember your preferences to enhance your experience:
| Cookie/Storage | Purpose | Duration |
|---|---|---|
| theme_preference | Remembers your color theme choice | 1 year |
| carousel_drafts | Saves your work in progress (local storage) | Persistent |
| ui_preferences | Stores interface settings (sidebar state, etc.) | 1 year |
Legal Basis: Legitimate interest in providing a better user experience. You can clear these at any time through your browser settings.
3.3 Analytics (Cookieless)
We use Plausible Analytics, a privacy-friendly analytics service that:
- Does not use cookies
- Does not collect personal data
- Does not track users across websites
- Is GDPR, CCPA, and PECR compliant
- Provides aggregate statistics only (page views, referrers, device types)
Legal Basis: Legitimate interest in understanding how our Service is used to improve it. No consent required as no personal data is collected.
Learn more: Plausible Data Policy
4. Third-Party Cookies
We use third-party services that may set their own cookies:
4.1 Authentication (Google OAuth)
When you sign in with Google, Google may set cookies according to their own policies:
4.2 Content Delivery (CDN)
We may use content delivery networks to serve static assets efficiently. These services typically do not set tracking cookies.
5. Cookies We Do NOT Use
To protect your privacy, we explicitly do NOT use:
- Advertising cookies: No ads, no ad tracking
- Social media tracking pixels: No Facebook Pixel, no Twitter tracking
- Marketing automation cookies: No retargeting, no behavioral tracking
- Cross-site tracking: We don't track you across other websites
- Third-party analytics cookies: No Google Analytics, no invasive tracking
6. Managing Cookies
6.1 Browser Controls
Most browsers allow you to control cookies through settings:
- Block all cookies: Prevents any cookies from being set (may break functionality)
- Delete cookies: Remove existing cookies
- Block third-party cookies: Allow first-party cookies only
- Private browsing: Cookies are deleted when you close the browser
How to manage cookies in popular browsers:
⚠️ Important: Disabling essential cookies may prevent you from using certain features of the Service, such as logging in or saving your work.
6.2 Clear Local Storage
To clear locally stored data (drafts, preferences):
- Open your browser's Developer Tools (F12)
- Go to the "Application" or "Storage" tab
- Select "Local Storage" or "Session Storage"
- Delete the carouselr.com entries
7. Do Not Track (DNT)
Some browsers offer a "Do Not Track" (DNT) signal. Since we already use minimal, privacy-focused analytics without cookies, enabling DNT does not change our behavior. We respect your privacy regardless of this setting.
8. GDPR Compliance
Our cookie practices comply with GDPR (General Data Protection Regulation) and the ePrivacy Directive:
- Essential cookies do not require consent (Article 6(1)(b) GDPR)
- Functionality cookies are based on legitimate interest (Article 6(1)(f) GDPR)
- We use cookieless analytics (no consent required)
- You can exercise your data rights (see our Privacy Policy)
9. Cookie Duration
We use two types of cookies based on duration:
9.1 Session Cookies
These temporary cookies are deleted when you close your browser. Used for session management and security.
9.2 Persistent Cookies
These cookies remain on your device for a set period (typically 30 days to 1 year) or until manually deleted. Used for authentication and preferences.
10. Updates to This Policy
We may update this Cookie Policy to reflect changes in:
- Our cookie practices
- Legal requirements
- Third-party services we use
Changes will be posted with a new "Last updated" date. Significant changes will be communicated via email or website notice.
11. Your Consent
By using our Service, you consent to our use of essential and functionality cookies as described in this policy. Since we:
- Use only necessary cookies for functionality
- Use cookieless analytics
- Do not use advertising or tracking cookies
We do not display a cookie consent banner, as it is not required under GDPR for our minimal cookie usage.
12. Contact Us
If you have questions about our use of cookies, contact us:
Email: [email protected]
Data Protection Officer: [email protected]
Support: [email protected]