Legal

Cookie policy.

Last updated: 2026-06-14

1. Introduction

This Cookie Policy explains what cookies and similar technologies are, which ones bbuddy uses on bbuddy.co and within the Service, why we use them, how long they stay on your device, and how you can control them. It supplements our Privacy Policy.

This policy reflects the requirements of the ePrivacy Directive 2002/58/EC as amended, the Belgian Act of 13 June 2005 on electronic communications, the General Data Protection Regulation 2016/679, and the recommendations of the Belgian Data Protection Authority.

2. What cookies and similar technologies are

A cookie is a small text file placed on your device by a website or application. Similar technologies include local storage, session storage, pixels, beacons, scripts, and software development kits that read or write information on your device. In this policy, “cookies” refers to all of these technologies.

Cookies can be set by us (first-party cookies) or by third parties whose services we embed (third-party cookies). They can be session cookies (deleted when you close your browser) or persistent cookies (kept for a defined period).

3. Legal basis

We place strictly necessary cookies on the basis of Article 129 of the Belgian Act of 13 June 2005 on electronic communications, which does not require consent for cookies that are strictly necessary to provide a service you have expressly requested.

For the limited analytics and session-insight cookies described in section 5, we rely on the controls offered by your browser and by the relevant providers, as set out in section 9, for you to refuse or remove them. If we ever add marketing or advertising cookies, we will introduce a consent mechanism before any such cookie is set.

4. Strictly necessary cookies

These cookies are required for the Service to function and cannot be switched off. They are usually set in response to actions you take, such as logging in, completing a checkout, or submitting a form. The Service will not work properly without them.

  • bbuddy.session_token (and related auth cookies): First party. Maintains your authenticated session and protects against cross-site request forgery. HttpOnly and Secure. Lifetime: up to 7 days from your last sign-in, then deleted automatically.
  • bbuddy.csrf: First party. CSRF protection token paired with the session. Session cookie, deleted when you close the browser.
  • cf_clearance (Cloudflare): Third party (Cloudflare). Used as part of our edge security and bot-mitigation layer. Lifetime: up to 30 days. Strictly necessary to keep the Service available and secure.
  • cf_chl_* (Cloudflare Turnstile): Third party (Cloudflare). Used during CAPTCHA challenges (for example on the waiting-list form) to verify you are not a bot. Lifetime: session only.

5. Analytics and product-insight cookies

These cookies help us understand how the marketing site and the Service are used, so we can measure performance, diagnose issues, and prioritise improvements. You can refuse or disable them at any time using the controls described in section 9, including the provider-specific opt-out tools.

  • _ga, _ga_<container-id> (Google Analytics 4): Third party (Google Ireland Ltd.). Distinguishes unique visitors and aggregates page views, sessions, and events. We use IP anonymisation and short data-retention settings. Lifetime: up to 24 months for _ga; 2 years for the property-specific cookie. Data may be transferred outside the EEA subject to the safeguards described in our Privacy Policy.
  • _hjSessionUser_<id>, _hjSession_<id>, _hjAbsoluteSessionInProgress, _hjFirstSeen, _hjIncludedInSessionSample (Hotjar): Third party (Hotjar Ltd.). Records anonymised sessions, mouse movements, scrolls, and clicks so we can diagnose user-experience issues. Form inputs are masked by default. Lifetime: from session only up to 12 months depending on the cookie. Data may be transferred outside the EEA subject to the safeguards described in our Privacy Policy.

6. Functional preferences (local storage)

The Service stores a small number of preferences in your browser’s local storage rather than in cookies. Local storage is not transmitted to our servers; it stays on your device and is read by the Service when needed to render your preferred experience.

  • theme: First party, local storage. Remembers your dark- or light-mode preference. Lifetime: persists until you clear browser storage. No personal data is transmitted to our servers.

Because this storage is strictly necessary to provide a feature you actively requested (your theme choice), it does not require consent under the ePrivacy rules.

7. Marketing and advertising cookies

We do not currently set marketing or advertising cookies, and we do not run remarketing or cross-site advertising on bbuddy.co. If this changes, we will update this policy and request your consent before any such cookie is set.

8. Third-party cookies on connected pages

When you embed or interact with content hosted on Connected Platforms (X, LinkedIn, Facebook, Instagram, TikTok, YouTube, Pinterest, Threads), those platforms may set their own cookies on your device. We have no control over those cookies. Please refer to each platform’s own cookie policy for details. The payment pages provided by our payment partner Polar may also set strictly necessary cookies on their domain to process your payment; their cookie policy applies on those pages.

9. How to refuse or remove cookies

bbuddy does not display a cookie banner. To refuse or remove the cookies described above, you can: (i) change the privacy and cookie settings of your browser; (ii) use the provider-specific opt-out tools described at the end of this section; and (iii) clear cookies and site data for bbuddy.co at any time.

You can manage cookies directly in your browser:

  • Chrome: Settings → Privacy and security → Cookies and other site data.
  • Firefox: Settings → Privacy & Security → Cookies and Site Data.
  • Safari: Settings → Privacy → Manage Website Data.
  • Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data.

Most browsers also offer a “Do Not Track” setting and a global privacy-control signal. We honour these signals to the extent technically feasible. Please note that if you disable strictly necessary cookies, parts of the Service will not work (for example, you will not be able to stay signed in).

You can opt out of Google Analytics specifically by installing the Google Analytics Opt-out Browser Add-on, and out of Hotjar by visiting hotjar.com and following their opt-out instructions.

10. International transfers

Some of the cookie providers listed in this policy are established outside the European Economic Area, including in the United States. Where personal data collected by these cookies is transferred outside the EEA, we rely on the safeguards described in section 8 of our Privacy Policy (adequacy decisions, Standard Contractual Clauses, and additional measures as appropriate).

11. Children

The Service is not directed to children under 16. We do not knowingly set cookies on the devices of children under 16.

12. Changes to this Cookie Policy

We update this Cookie Policy whenever we add, remove, or change a cookie or similar technology, and at least once a year. The “Last updated” date at the top reflects the most recent change. If we add a category of cookies that requires prior consent (for example, marketing or advertising cookies), we will introduce a consent mechanism before any such cookie is set.

13. Contact

For any question about this Cookie Policy or about how we use cookies, write to [email protected].