Cookie Policy
This Cookie Policy explains which cookies and similar technologies are used on our service and why.
Last updated: May 18, 2026
1. Introduction
This Cookie Policy explains how Brodin Dev ("we", "us", or "our") uses cookies and similar technologies on our web application. It is intended to be read alongside our Privacy Policy and applies to all users of our service.
We are committed to your privacy. This policy reflects our obligations under the EU ePrivacy Directive (2002/58/EC, as amended), the General Data Protection Regulation (GDPR), and the Norwegian Electronic Communications Act (Ekomloven, Act No. 83 of 4 July 2003, §2-7b).
2. What Are Cookies?
Cookies are small text files that a website or web application places on your device when you visit. They allow the application to remember information about your session — for example, that you are logged in — so you don't have to re-authenticate on every page.
Cookies can be:
- First-party — set directly by us.
- Third-party — set by an external service you interact with (e.g., an OAuth provider or payment processor).
- Session cookies — deleted automatically when you close your browser.
- Persistent cookies — stored for a defined period after you close your browser.
3. The Cookies We Use
We use strictly necessary / functional cookies only. We do not use marketing, advertising, behavioural tracking, or any other non-essential cookies. Because we limit ourselves exclusively to cookies that are technically required for the application to function, no cookie consent banner is required under Article 5(3) of the ePrivacy Directive or §2-7b of Ekomloven.
3.1 Session & Authentication Cookies (Better Auth)
Our application uses Better Auth to manage user authentication. This sets first-party cookies for the following purposes:
| Purpose | Description | Type | Duration |
|---|---|---|---|
| Session token | Keeps you securely signed in across page loads and browser tabs. Without this cookie the application cannot authenticate you. | First-party, HTTP-only, Secure | Session / rolling expiry |
| Application state | Maintains necessary security state such as CSRF protection during authentication and account actions. | First-party, HTTP-only, Secure | Session |
These cookies are essential to the secure operation of the application. They contain no advertising identifiers and are not used for behavioural tracking.
4. Analytics — Cookieless & Privacy-Preserving
We use Vercel Analytics and Vercel Speed Insights to understand general usage patterns and monitor application performance.
These tools are specifically designed to be cookieless. They do not:
- Place any cookie or persistent identifier on your device.
- Track individual users across sessions.
- Store personal data on your device.
- Build behavioural profiles.
Data collected is aggregated, anonymised, and used solely to improve the reliability and performance of the application. Because no personal data is processed at the device level, these tools do not trigger cookie consent obligations under the ePrivacy Directive.
5. Third-Party Cookies During OAuth & Payments
When you choose to sign in using Google or GitHub (OAuth), you are briefly redirected to those providers' own interfaces. During that interaction, those providers may set their own strictly necessary cookies to manage the authentication flow.
Checkout for paid plans or subscriptions is handled by Polar.sh as Merchant of Record. During that checkout flow, Polar.sh may similarly set its own strictly necessary cookies on its own interfaces.
These cookies are:
- Set and controlled by the respective third party, not by us.
- Governed by each provider's own privacy and cookie policies.
- Limited to what is technically necessary to complete the OAuth handshake or payment transaction.
We encourage you to review the relevant policies:
We do not receive, store, or have access to any cookies set by these providers.
6. What We Do Not Do
To be explicit about the scope of our cookie use:
- We do not use Google Analytics, Google Ads, or any Google tracking tags.
- We do not use Meta Pixel or any Facebook/Instagram tracking.
- We do not use any third-party behavioural advertising networks.
- We do not sell, share, or broker data derived from cookies with any third party for marketing purposes.
- We do not use fingerprinting or any other tracking technique designed to circumvent cookie controls.
7. Your Rights
Under the GDPR, you have the right to access, rectify, erase, and port personal data we hold about you, as well as the right to object to or restrict certain processing. Because we process only the minimum data necessary to operate the application, the personal data associated with your session cookies is limited to your authenticated user identity.
To exercise any of your rights, or if you have questions about this policy, please contact us at:
8. Changes to This Policy
We may update this Cookie Policy from time to time to reflect changes in technology, legislation, or our practices. When we do, we will revise the "Last updated" date at the top of this page. We encourage you to review this page periodically.