What are cookies?
Cookies are small text files that a website stores in your browser. They allow the site to remember information about you between visits — for example, that you are signed in, that you prefer a particular language, or that you have already responded to a cookie banner. Some cookies are necessary for the site to function; others are loaded only after you agree to them.
This Cookie Policy explains which cookies Cliny Pet uses, what each category does, and how you can change your decision at any time.
Cookie categories on Cliny Pet
Cliny Pet groups cookies into four categories that match the choices in the consent banner:
| Category | Purpose | Default | Lawful basis |
|---|---|---|---|
| Necessary | Sign-in session, CSRF defence, locale preference | On — required for the site to function | GDPR Art 6(1)(b) contract |
| Payment | Stripe.js / Stripe Elements during a checkout purchase | Off | GDPR Art 6(1)(a) consent |
| Analytics | Aggregated, anonymised usage statistics | Off | GDPR Art 6(1)(a) consent |
| Marketing | Measurement of marketing-campaign effectiveness | Off | GDPR Art 6(1)(a) consent |
Necessary cookies cannot be rejected because the site is non-functional without them; we keep this category narrow on purpose (session, authentication, CSRF, and the locale switcher). The other three categories are off by default until you explicitly enable them.
In the current release, Cliny Pet loads zero third-party scripts by default — the Analytics and Marketing categories are structural slots prepared for future vendor wiring; no real analytics or marketing SDK is shipped in the initial release. The Payment category loads Stripe.js only when a paid checkout flow starts.
Why we ask for consent
The cookie banner asks for your explicit consent (GDPR Article 6(1)(a)) before loading any cookie or script in the Payment, Analytics, or Marketing categories. We follow the European Data Protection Board's equal-prominence rule: the Accept, Reject, and Manage buttons all have equal visual weight so that choosing "Reject" is no harder than choosing "Accept".
We re-ask for consent in two situations:
- Every 13 months, in line with the CNIL guideline that has become the de-facto European standard. After 13 months, your prior choices expire and the banner re-shows so you can confirm them.
- Whenever this policy or our Privacy Policy or
Terms of Service materially changes. Each of these
documents carries a
policy_versionfrontmatter field; Cliny Pet derives a singleCURRENT_CONSENT_VERSIONSHA from those three values, and any change in the SHA triggers the re-consent flow described below.
Consent versioning
Each consent record we store carries the exact consent_version SHA you
agreed to. When you next visit Cliny Pet and the current version no
longer matches the version on your last record, we re-show the consent
banner with your previous choices pre-ticked. You only need to
confirm or change them — the banner is not a fresh decision from
scratch. This mismatch flow is the technical mechanism by which we
honour the EDPB 2024 guidance on consent freshness after a material
policy change.
If you would like to inspect your past consent decisions, the
Consent history card on the /settings/privacy page shows the last
10 records: the consent_version you agreed to, the timestamp, your
choices, your locale, and the first octet of the IP address (the
full IP is never displayed to the user; it is retained in the audit
ledger for forensics).
Third-party scripts (current state)
Cliny Pet enforces a central script-gate pattern for every
third-party script the application could load. The gate lives at
frontend/src/components/cookie-consent/scriptGate.ts and applies four
guarantees:
- No script loads without consent. The gate refuses to inject a
script tag for a category whose consent is
false. - Every load emits an audit event. A successful load triggers a
server-side
consent_script_loadedaudit row recording the category, the script URL, and the Subresource Integrity (SRI) hash. - Every script carries SRI. External scripts MUST be loaded with a
sha384-…integrity attribute so a compromised CDN cannot serve a tampered payload. - No bypass path is permitted. A custom ESLint rule
no-direct-script-loadforbids<script src="…">JSX literals,document.createElement("script")outside the gate, andnext/scripttags with a non-literalsrc. The rule runs in CI and fails the build on any violation.
In the current release, the gate is wired but no third-party script is loaded by default. The Stripe.js load is reserved for the paid checkout flow. Analytics and Marketing categories are structural slots — no real vendor wiring is shipped today.
Security and anti-abuse (Cloudflare Turnstile)
One script is the exception to the "no third-party script by default"
rule above: Cloudflare Turnstile, a privacy-preserving CAPTCHA
alternative that protects the sign-in and sign-up forms against
automated abuse. Turnstile loads from challenges.cloudflare.com and may
set a __cf_bm bot-management cookie. Because this protection is
strictly necessary to keep the service secure and available, it
belongs to the Necessary category and loads without a consent prompt — on
the basis of our legitimate interest in network and information security
(GDPR Article 6(1)(f), Recital 49). Turnstile is not used to profile you
or to track you across sites for advertising; Cloudflare processes this
data as our processor.
Why Cliny Pet built its own Consent Management Platform
We made an early design decision to build the cookie consent surface in-house rather than rely on a third-party CMP (Cookiebot, OneTrust, etc.). Three reasons:
- Data residency. Off-the-shelf CMPs typically replicate consent
records to US infrastructure; our homegrown banner writes directly to
our EU-region
consent_eventstable, keeping every consent record inside the same GDPR-compliant data perimeter as the rest of Cliny Pet. - System Prompt isolation. Cliny Pet's AI behaviour contract is a
load-bearing safety artefact (
System Prompt.md), and we keep the surface area of third-party code on the page as small as possible to defend that artefact. - Audit traceability. Each consent record carries the exact
policy_versionSHA the user agreed to plus the locale plus the IP octet — all stored alongside our own backend audit events, queryable in one place, retained for the 5-year consent-evidence window under GDPR Article 7(1).
Your choices
You can change your cookie preferences at any time through any of these paths:
- Footer link — Click "Cookie preferences" in the page footer. The banner re-opens with your current choices loaded.
- In-app settings — Visit Privacy & Data settings when signed in. The Cookie preferences card surfaces the same controls plus a "Consent history" view.
- Browser controls — Most browsers also let you block or delete cookies system-wide; the relevant menu is typically under Settings → Privacy & security. Note that blocking the Necessary category at the browser level will make Cliny Pet non-functional.
If you previously accepted a category and now wish to withdraw your consent, the change takes effect on the next page load: any scripts in that category will not be loaded again, and any session-only cookies already set will expire when you close the browser.
Contact
For any question about this Cookie Policy or how to exercise your cookie-related rights under GDPR, contact us at [email protected]. We respond within 30 days.
This policy is reviewed regularly and updated whenever our practices change. It is subject to ongoing review by counsel licensed in TR, EU, and US jurisdictions.