Cookie Policy
1. About this policy
This Cookie Policy explains how CleanSpot uses cookies and similar technologies on the cleanspot.cc website and on the CleanSpot municipal dashboard. It does not apply to the CleanSpot mobile application — see §6 below.
This Cookie Policy is published by the operator of CleanSpot — an individual sole trader based in Portugal. Postal correspondence is available on request to privacy@cleanspot.cc.
2. What are cookies?
Cookies are small text files placed on your device by websites you visit. They store information that the website can read on subsequent visits. Cookies serve various purposes — keeping you logged in, remembering your preferences, measuring site usage, or showing personalised advertising.
Categories commonly used in industry:
| Category | What it does | Consent required (EU) |
|---|---|---|
| Strictly necessary | Essential for the site to function (e.g. authentication, security) | No |
| Functional | Remembers your preferences (e.g. language, layout) | Sometimes — depends on whether the cookie is essential |
| Analytics | Measures site usage (e.g. page views, traffic sources) | Yes |
| Advertising | Shows or measures ads, often across sites | Yes |
3. CleanSpot's position
CleanSpot uses only strictly necessary cookies. We do not use:
- Advertising cookies (we run no advertising, anywhere, ever)
- Third-party tracking cookies (no Facebook Pixel, no Google Analytics, no Hotjar, no LinkedIn Insight Tag)
- Cross-site tracking cookies (no remarketing, no audience-building)
- Social-media share cookies (none of the share buttons load third-party scripts)
Because we use only strictly necessary cookies, EU law does not require us to display a consent banner. We choose to publish this Cookie Policy as a transparency commitment regardless.
4. Cookies CleanSpot uses
Authentication session
| Detail | Value |
|---|---|
| Cookie name | sb-<project-ref>-auth-token (managed by Supabase Auth via @supabase/ssr) |
| Purpose | Keeps you signed in to the dashboard between page loads |
| Set by | Supabase Auth (server-side, on sign-in) |
| Lifetime | Session — typically expires after the access token's TTL (1 hour) and is refreshed via the refresh token |
| HTTP-only | Yes |
| Secure | Yes |
| SameSite | Lax |
| Category | Strictly necessary |
Refresh token
| Detail | Value |
|---|---|
| Cookie name | sb-<project-ref>-refresh-token |
| Purpose | Allows the dashboard to renew your session without prompting you to log in again |
| Set by | Supabase Auth |
| Lifetime | 30 days, sliding |
| HTTP-only | Yes |
| Secure | Yes |
| SameSite | Lax |
| Category | Strictly necessary |
Language preference
| Detail | Value |
|---|---|
| Cookie name | cs-language |
| Purpose | Remembers the language you've selected for the dashboard interface |
| Set by | Dashboard server, on language selection |
| Lifetime | 1 year |
| HTTP-only | No (read by client-side rendering) |
| Secure | Yes |
| SameSite | Lax |
| Category | Functional (essential for UX, but not strictly required) |
Layout / column preferences
| Detail | Value |
|---|---|
| Cookie name | cs-layout-prefs (where applicable) |
| Purpose | Remembers your dashboard layout choices (e.g. sidebar collapsed, table column widths) |
| Set by | Dashboard server |
| Lifetime | 1 year |
| HTTP-only | No |
| Secure | Yes |
| SameSite | Lax |
| Category | Functional |
CSRF protection token
| Detail | Value |
|---|---|
| Cookie name | Internal Next.js mechanism (varies by version) |
| Purpose | Protects state-changing requests against cross-site request forgery |
| Set by | Next.js framework |
| Lifetime | Session |
| HTTP-only | Yes |
| Secure | Yes |
| SameSite | Lax |
| Category | Strictly necessary |
5. Local storage and similar technologies
In addition to cookies, the dashboard may use the browser's localStorage or sessionStorage to remember small pieces of UI state (e.g. which dashboard tab you last had open). These are not cookies under EU law and do not transmit data to our servers — they remain on your device.
6. The mobile app
The CleanSpot mobile app does not use cookies. Cookies are a web-browser concept. The app uses the device's secure key-value storage (AsyncStorage on iOS and Android, encrypted at rest by the operating system) to keep you signed in and to cache offline submissions.
What's stored locally in the app:
- The session and refresh tokens issued by Supabase Auth
- The offline submission queue (pending spot/event/public-issue submissions waiting to upload)
- Splash-time prefetched data (recent spots, events, public-issues)
- Your user-interface preferences (notification settings, language override)
Nothing in this list is transmitted as a cookie or accessible to other apps on your device.
7. Managing cookies
You can control cookies through your browser settings. Most browsers let you:
- View what cookies are stored
- Delete specific cookies or all cookies
- Block cookies from specific sites or all sites
- Be notified when cookies are set
Note: blocking strictly-necessary cookies will prevent the dashboard from working. You won't be able to sign in or maintain a session.
Useful links for major browsers:
- Chrome:
https://support.google.com/chrome/answer/95647 - Firefox:
https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer - Safari:
https://support.apple.com/en-us/HT201265 - Edge:
https://support.microsoft.com/en-us/microsoft-edge/delete-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
8. Changes to this policy
If we ever start using non-essential cookies (we don't plan to), we will:
- Update this Cookie Policy
- Add a consent mechanism before any non-essential cookie is set
- Notify users on the next visit
Material changes will be communicated through a notice on the dashboard and on cleanspot.cc.
9. Contact
For questions about this Cookie Policy: privacy@cleanspot.cc.
For broader privacy questions, see our Privacy Policy.
Effective date: 2026-04-28. Last updated: 2026-04-28.