Cookie Policy

Last updated: 17 May 2026

This Cookie Policy explains what cookies and similar technologies are, which ones ProjScan uses across projscan.com and app.projscan.com, and how you can manage your preferences. Read this together with our Privacy Policy, which describes the broader picture of personal-data processing.

1. What are cookies?

Cookies are small text files placed on your device by your browser when you visit a website. They let the site remember information about your visit — whether you're signed in, what preferences you've chosen, where you came from — across page loads and across visits. Modern browsers also support similar technologies (localStorage, sessionStorage, IndexedDB) that we treat the same way for the purposes of this policy.

2. Why we use them

We use cookies for three reasons. Operating the service — keeping you signed in, preventing cross-site-request forgery, and routing referral attribution across our marketing and app subdomains. Remembering your preferences — UI choices you make in the dashboard. Understanding usage — aggregate, privacy-respecting analytics where the law allows it and you consent.

3. Cookies we use

Strictly necessary

Required for the service to function. These cannot be disabled without breaking sign-in or breaking security guarantees.

• Authentication session — keeps you signed in across pages. Set by our authentication provider; the cookie is read by ProjScan to verify your session. Not shared with any third party for tracking.
• CSRF / security tokens — protect against cross-site-request forgery on state-changing actions.
• Referral attribution — when you visit a link that includes a ?ref=XXXX parameter, we store that code in a cookie scoped to .projscan.com for 30 days. This lets us credit the referrer if you sign up on a different subdomain. No personal data is stored in the cookie; only the referrer's short code.

Functional

Remember preferences such as the dashboard view you last used or your sidebar collapsed/expanded state. These improve the experience but the service works without them.

Analytics (when enabled)

Privacy-respecting analytics may be enabled in the future (e.g. PostHog, Google Analytics 4). Where required by law, these are loaded only after you consent. We do not currently share analytics data with advertising networks.

Marketing

We currently do not use marketing or advertising cookies. If Google Ads conversion tracking or similar is added in the future, this page will be updated and explicit consent will be requested where required (EU / UK / Switzerland / other ePrivacy-style jurisdictions).

4. Third-party cookies

Some pages load resources from third parties that may set their own cookies, subject to those providers' own privacy policies:

• Stripe — when you go through checkout or the customer portal, Stripe sets cookies needed for the payment flow and fraud prevention.
• Google — when you sign in with Google, Google sets cookies on its own domains as part of the OAuth flow.
• Google Fonts — loaded via Next.js's font optimisation; in production fonts are self-hosted at build time so no third-party cookies are set for fonts.

5. International transfers

Some of the providers above are based outside the European Economic Area. Where data is transferred outside the EEA, we and our processors rely on the European Commission's Standard Contractual Clauses or an adequacy decision, as described in the Privacy Policy.

6. Managing cookies

Most browsers let you view, manage, and delete cookies. The exact controls live in your browser settings:

• Chrome / Edge / Brave: Settings → Privacy and security → Third-party cookies (or Cookies and other site data). You can block all cookies or just third-party ones.
• Firefox: Settings → Privacy & Security → Enhanced Tracking Protection & Cookies and Site Data.
• Safari: Preferences → Privacy → Manage Website Data.
• Mobile: same settings inside the browser app on iOS and Android, typically under "Privacy".

Blocking strictly-necessary cookies will prevent sign-in and most of the service from working. Blocking functional cookies will reset preferences on each visit. Blocking analytics or marketing cookies has no effect on whether you can use the service.

7. Withdrawing or changing consent

Where consent is the legal basis for a cookie (analytics, marketing), you can withdraw it at any time by adjusting your browser settings as described above, or by contacting us at privacy@projscan.com for an account-level reset. Withdrawing consent doesn't affect the lawfulness of processing that took place beforehand.

8. Changes to this policy

We may update this policy as the product evolves, particularly when we add or remove third-party services. The current version is always the one published on this page; the Last updated date at the top reflects the most recent revision.

9. Contact

Questions about cookies or this policy: privacy@projscan.com.