Cookie Policy
Last updated: February 2025
This page explains what cookies the myTransferPricing platform uses, why we use them, and how they comply with the EU ePrivacy Directive and the General Data Protection Regulation (GDPR).
1. What Are Cookies?
Cookies are small text files that websites store on your browser. They serve different purposes — some are essential for a website to function, while others are used for tracking or advertising. We believe in transparency about what cookies we set and why.
2. Our Approach
myTransferPricing takes a minimal approach to cookies. We only use cookies that are necessary for the platform to function securely and to remember basic interface preferences. We do not use:
- Advertising or marketing cookies
- Social media tracking cookies
- Third-party analytics cookies
- Cross-site tracking cookies
- Any cookies that profile your behavior
Because we only use essential and functional cookies, we do not require cookie consent under the EU ePrivacy Directive. Essential cookies are explicitly exempt from the consent requirement because the platform cannot function without them.
3. Cookies We Use
3.1 Essential Cookies (Strictly Necessary)
These cookies are required for the platform to operate. They cannot be disabled. Without them, you would not be able to log in, stay authenticated, or use the platform securely.
| Cookie | Purpose | Duration | Attributes |
|---|---|---|---|
| sb-*-auth-token | Maintains your authenticated session with an encrypted session token | Session (auto-refreshed) | HttpOnly, Secure, SameSite=Lax |
| sb-*-auth-token-code-verifier | Securely verifies your login request during the authentication flow (PKCE) | Session | HttpOnly, Secure, SameSite=Lax |
Authentication cookies are required for you to log in and use the platform. CSRF cookies protect your account from a common class of web attacks. These are standard security practices and are exempt from consent requirements under EU law.
3.2 Functional Cookies
These cookies remember your interface preferences. They are not strictly necessary — the platform will still work without them — but they improve your experience.
| Cookie | Purpose | Duration | Contains |
|---|---|---|---|
| sidebar_state | Remembers whether you collapsed or expanded the navigation sidebar | 7 days | A single value: “true” or “false” |
This cookie stores a single UI preference and contains no personal data, no identifiers, and no tracking information. It exists solely to prevent the sidebar from resetting every time you navigate.
4. What We Do NOT Use
To be explicit about what we don't do:
- No Google Analytics or similar tracking tools that set cookies
- No Facebook Pixel, LinkedIn Insight Tag, or social media trackers
- No advertising networks or retargeting cookies
- No fingerprinting (canvas, WebGL, or audio fingerprinting)
- No cross-site tracking of any kind
5. Analytics (Cookie-Free)
We use Vercel Speed Insights to monitor platform performance (page load times, Web Vitals metrics). This tool:
- Does not set any cookies on your browser
- Works through lightweight beacon requests at the network edge
- Collects only aggregated, anonymized performance data
- Cannot identify individual users
- Data is used solely to detect and fix performance issues
6. Local Storage
In addition to cookies, the platform uses your browser's local storage to store non-sensitive interface preferences:
| Data | Purpose |
|---|---|
| Accessibility preferences | Font size, contrast, and focus indicator settings (synced with your account) |
| Last selected project | Remembers which project you were working on |
| Last selected fiscal year | Remembers which fiscal year you were viewing |
Local storage data is cleared when you log out and restored from your account when you log back in. It contains no authentication tokens, no personal data, and no tracking information.
7. Cookie Security
All essential cookies are configured with security best practices:
- HttpOnly: Cannot be accessed by JavaScript, protecting against XSS attacks
- Secure: Only transmitted over HTTPS connections
- SameSite: Set to Strict (CSRF cookies) or Lax (auth cookies) to prevent cross-site request abuse
- Short lifetimes: CSRF and session cookies expire within 24 hours; auth tokens are refreshed automatically
8. Managing Cookies
Because we only use essential cookies, disabling them in your browser will prevent the platform from functioning correctly. Specifically:
- Blocking authentication cookies will prevent you from logging in
- Blocking CSRF cookies will cause form submissions and data-saving actions to fail
If you wish to clear cookies set by myTransferPricing, you can do so through your browser settings. Note that this will log you out of the platform.
9. Changes to This Policy
If we ever add non-essential cookies (for example, analytics that track users, or third-party integrations that set their own cookies), we will:
- Update this page to reflect the change
- Implement a proper cookie consent mechanism with opt-in for non-essential categories
- Notify users through the platform before any non-essential cookies are introduced
10. Contact Us
If you have questions about our use of cookies, please contact us through your organization administrator or via the platform.
For more details about how we handle your personal data, please refer to our Privacy Statement.
© 2025 myTransferPricing. All rights reserved.
