Cookie Policy

1. What Are Cookies

Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences and enable core functionality.

2. Cookies We Use

BOS 360 uses a minimal set of cookies, all of which are strictly necessary for the Service to function:

2.1 Authentication Cookies

• Session token — Identifies your authenticated session. Expires after inactivity. Essential for staying logged in.

2.2 OAuth State Cookies (Temporary)

These cookies are created during third-party authentication flows and automatically deleted after 2 minutes:

• __google_pending — Google OAuth state (HMAC-signed, httpOnly, secure)
• __gdrive_pending — Google Drive OAuth state

These cookies contain a cryptographic state token to prevent CSRF attacks during the OAuth flow. They are set with httpOnly, secure, and sameSite=lax flags.

2.3 Preference Cookies

• Theme preference — Stores your light/dark mode choice (via next-themes). Local storage, not a tracking cookie.
• Language preference — Determined by URL path (/en/ or /fr/), not stored as a cookie.

3. What We Do NOT Use

• No analytics or tracking cookies (no Google Analytics, no Facebook Pixel)
• No advertising cookies
• No third-party tracking scripts
• No fingerprinting or cross-site tracking
• No social media tracking widgets

4. Cookie Consent

Since all our cookies are strictly necessary for the Service to function (authentication and security), they are exempt from the consent requirement under the ePrivacy Directive (Art. 5(3)) and GDPR Recital 32.

We do not require a cookie consent banner because we do not use any optional, analytics, or advertising cookies. If we add optional cookies in the future, we will implement a consent mechanism before doing so.

5. Managing Cookies

You can manage or delete cookies through your browser settings. Note that blocking essential cookies will prevent you from using the Service (you won't be able to stay logged in).

Common browser cookie settings:

• Google Chrome
• Mozilla Firefox
• Safari
• Microsoft Edge

6. Updates

If we change our cookie practices (e.g., add analytics), we will update this page and, if required, implement a consent mechanism.

7. Contact

Questions about our cookie practices:
privacy@bos360.app