Which cookies and similar technologies the ChefSphere website uses, why we use them, how to manage your preferences, and how to withdraw consent.
This Cookie Policy explains how the ChefSphere website (chefsphere.app and subdomains, together the "Website") uses cookies and similar technologies. It supplements the Privacy Policy. The mobile apps do not use browser cookies; they use device-level storage and push tokens described in the Privacy Policy.
1. What cookies are
A cookie is a small text file that a website stores in your browser. "Similar technologies" include local storage, session storage, and pixel tags that achieve comparable purposes. In this Policy we use "cookies" to mean cookies and all similar technologies.
2. Categories of cookies we use
We group our cookies into three categories.
Strictly necessary
These cookies are required for the Website to function. They do not collect personal data for profiling and cannot be disabled through our consent controls, but you can block them in your browser (the Website may not work properly if you do).
| Name | Purpose | Retention |
|---|---|---|
| Session cookie | Keeps you signed in during a visit | Until you close the browser or sign out |
| Auth refresh token cookie | Renews your session securely; marked HttpOnly and Secure | Up to 30 days |
| CSRF token | Protects forms from cross-site request forgery | Session |
| Locale cookie | Remembers your selected language | 1 year |
| Theme cookie | Remembers light / dark / chef theme | 1 year |
| Consent cookie | Stores your cookie choices | 12 months |
Legal basis: Art. 5(3) of Directive 2002/58/EC (ePrivacy Directive) — exemption for storage or access to information "strictly necessary for the provision of a service explicitly requested by the subscriber or user". In Germany this exemption is transposed by § 25(2) Nr. 2 TTDSG (Telekommunikation-Telemedien-Datenschutz-Gesetz); the same exemption is used in other Member States' transpositions of Art. 5(3).
Functional
Functional cookies remember preferences that improve how the Website works for you. They are only set after you consent.
- Dismissal state of onboarding banners
- Last-visited feature shortcut
- "Remember this device" for two-factor authentication, where you enabled it
Legal basis: your prior informed consent under Art. 5(3) of Directive 2002/58/EC (ePrivacy) — in Germany, § 25(1) TTDSG — and Art. 6(1)(a) GDPR for the resulting personal-data processing.
Analytics and performance
We set a minimal set of analytics cookies to understand how the Website is used in aggregate, to detect errors, and to identify slow pages. Data is stored and processed in a way that limits the ability to identify you personally. Analytics cookies are only set after you consent.
Legal basis: your prior informed consent under Art. 5(3) of Directive 2002/58/EC (ePrivacy) — in Germany, § 25(1) TTDSG — and Art. 6(1)(a) GDPR.
What we do not do
- We do not use advertising or behavioural-retargeting cookies.
- We do not "sell" or "share" personal information for cross-context behavioural advertising within the meaning of the CCPA / CPRA.
- We do not place third-party marketing tags.
3. Managing your preferences
When you first visit the Website from an EEA, UK, or Swiss IP address we show a consent banner. You can accept all, reject all, or customise by category. Your choice is stored in the Consent cookie and can be changed at any time by visiting Settings → Cookie Preferences (available in the site footer on every page). Withdrawing consent is as easy as giving it.
You can also manage cookies directly in your browser:
- Safari: Preferences → Privacy
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security
- Edge: Settings → Cookies and site permissions
Most browsers also support the Global Privacy Control (GPC) signal. When the Website detects a GPC signal, non-essential cookies are not set unless you subsequently give explicit consent in-session.
4. Third parties and international transfers
Some essential cookies are set by our content delivery and edge-security provider and by our payment processor during checkout. Analytics providers may process aggregated usage data outside the EEA under transfer safeguards described in the Privacy Policy. We disclose these categories by function, not by vendor, because vendors can change without any difference to the data processed.
5. Retention
Each cookie's retention is listed above. Session cookies are deleted when you close your browser. Persistent cookies are deleted at the end of their lifetime or when you withdraw consent, whichever is sooner.
6. Changes to this Policy
If we start using a new cookie category or a new cookie with a materially different purpose, we update this Policy and re-display the consent banner. Past versions are available on request.
7. Contact
For any question about cookies or to make a privacy request, write to [email protected].