Cookie Policy

1. Introduction

This Cookie Policy explains how NexPath Oy ("we," "our," "us") uses cookies and similar technologies on our website and platform. By using NexPath, you consent to the use of cookies as described in this policy.

2. What Are Cookies?

Cookies are small text files stored on your device (computer, tablet, mobile) when you visit a website. They allow the website to recognize your device and remember information about your visit, such as preferences, login status, and language settings.

3. Types of Cookies We Use

3.1 Strictly Necessary Cookies

These cookies are essential for the website to function and cannot be disabled. They enable core functionalities like:

• Authentication: JWT tokens stored in localStorage (not cookies) for secure login
• Security: CSRF protection tokens
• Session Management: Keeping you logged in during your session
• Payment Security: Stripe uses cookies for fraud detection and secure payment processing during checkout. These cookies are strictly necessary for payment functionality.

Legal Basis: Legitimate interest (essential for service provision)

3.2 Functional Cookies

These cookies enhance your experience by remembering your choices:

• Language Preference: Stores your selected language (EN, FI, etc.)
• Theme Preference: Remembers dark/light mode selection
• Accessibility Settings: Font size, contrast preferences

Legal Basis: Consent (you can disable via browser settings)

3.3 Analytics Cookies

These cookies help us understand how users interact with the platform:

• Usage Analytics: Page views, feature usage, time spent
• Performance Monitoring: Load times, error rates
• A/B Testing: Testing new features with user segments

Privacy-First Approach: We use privacy-preserving analytics tools (no third-party tracking). Data is anonymized and not linked to personally identifiable information.

Legal Basis: Consent (opt-in via cookie banner)

3.4 Marketing Cookies (Currently NOT Used)

We do NOT currently use cookies for:

• Advertising or retargeting
• Social media tracking
• Third-party behavioral profiling

If this changes in the future, we will update this policy and request explicit consent.

4. Third-Party Cookies

We minimize third-party cookies, but the following services may set cookies:

Both Supabase and Vercel are GDPR-compliant and host data within the EU. Stripe is GDPR-compliant and processes payment data securely.

5. localStorage and sessionStorage

In addition to cookies, we use browser storage mechanisms:

• localStorage: Stores JWT authentication tokens, theme preference, language preference (persistent across sessions)
• sessionStorage: Temporary data (cleared when browser closes)

These are similar to cookies but are not transmitted to the server with every request. They are essential for the platform to function.

6. Managing Cookies

6.1 Cookie Consent Banner

On your first visit, you will see a cookie consent banner. You can:

• Accept All: Enable all cookies (necessary, functional, analytics)
• Reject Non-Essential: Only strictly necessary cookies
• Customize: Choose which cookie categories to enable

You can change your preferences anytime via the cookie settings link in the footer.

6.2 Browser Settings

You can also control cookies via your browser:

• Chrome: Settings → Privacy and security → Cookies and other site data
• Firefox: Options → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Manage Website Data
• Edge: Settings → Cookies and site permissions

Note: Disabling necessary cookies may prevent the platform from functioning correctly.

6.3 Do Not Track (DNT)

We respect browser "Do Not Track" signals. When DNT is enabled, we will not set analytics cookies.

7. Cookie Lifespan

Cookies have different lifespans:

• Session Cookies: Deleted when you close the browser
• Persistent Cookies: Stored for a set period (e.g., 30 days for language preference, 1 year for analytics)

You can see cookie details via browser developer tools (Application → Cookies).

8. Updates to This Policy

We may update this Cookie Policy to reflect changes in technology or legal requirements. Updates will be posted on this page with a revised "Last updated" date.

9. Contact Us

For questions about our use of cookies, contact us at: