Cookie Policy
We keep our cookie usage minimal and transparent. No advertising cookies, no cross-site tracking, no fingerprinting — ever. Here's exactly what we use and why.
☰ Table of Contents▾
CafePop uses three types of cookies: strictly necessary ones that keep you logged in and the site secure (always on), functional ones that remember your preferences like language and theme, and analytics ones that help us improve the Platform using anonymous data (opt-in only). We use zero advertising, social media, or cross-site tracking cookies. You can manage your preferences at any time.
What Are Cookies?
Cookies are small text files that websites and web applications store on your device (computer, tablet, or smartphone) when you visit them. They allow the Platform to recognise your device on subsequent visits, remember your preferences, keep you logged in, and measure how you use the service.
Cookies typically contain the name of the website that set them, how long they'll last, and a value — usually a unique random identifier. They cannot contain executable code and cannot access other data stored on your device.
Our Approach
CafePop takes a minimal, privacy-first approach to cookies. We only use cookies that are genuinely necessary or clearly beneficial to your experience. We never use cookies for advertising targeting, cross-site behavioural tracking, or selling data to third parties.
- Authentication tokens
- CSRF protection
- Preference storage
- Anonymous analytics (opt-in)
- Consent records
- Advertising cookies
- Retargeting pixels
- Social media trackers
- Cross-site tracking
- Device fingerprinting
- Minimum necessary data
- Transparent disclosure
- User control & consent
- Swiss law compliance
- Regular cookie audits
CafePop has never used advertising cookies and has no plans to do so. Our revenue model is subscription-based — we have no financial incentive to track your browsing behaviour.
Cookie Categories
We organise our cookies into three categories based on their purpose and whether your consent is required. The following sections (04–06) detail every individual cookie we use.
Strictly Necessary Cookies
These cookies are essential for the Platform to operate. Without them, you would not be able to log in, navigate securely, or use core features. They do not require your consent under Swiss and EU law, and cannot be disabled through our cookie preference centre.
Strictly necessary cookies never track you across other websites and contain no personal information beyond a random session identifier. They are automatically deleted when they expire or when you log out.
Strictly Necessary Cookies
Required for authentication, security, and storing your cookie consent. The Platform cannot function without these.
| Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
sb-access-token | CafePop / Supabase | Authenticates your session and keeps you logged in securely | HTTP | 1 hour |
sb-refresh-token | CafePop / Supabase | Refreshes your authentication token without requiring re-login | HTTP | 7 days |
csrf_token | CafePop | Prevents cross-site request forgery attacks on form submissions | HTTP | Session |
__Secure-next-auth | CafePop / NextAuth | Manages authentication state for server-side sessions | HTTP | 30 days |
cp_consent | CafePop | Stores your cookie consent preferences so we don't ask repeatedly | HTTP | 1 year |
cp_theme | CafePop | Remembers your light/dark theme preference across sessions | HTTP | 1 year |
Functional Cookies
Functional cookies enable enhanced features and personalisation. They remember your choices — such as your preferred language, display theme, or saved city filter — so you don't have to reset them on every visit.
If you disable functional cookies, the Platform will still work, but you may find that certain preferences reset between sessions and some features behave differently.
Functional Cookies
Store your preferences to personalise your experience. Active by default but can be disabled through your cookie settings.
| Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
cp_lang | CafePop | Stores your language preference (en/de/fr) | HTTP | 1 year |
cp_city | CafePop | Remembers your selected city filter for profile discovery | HTTP | 30 days |
cp_sort | CafePop | Saves your preferred profile sort order (recent / popular) | HTTP | 30 days |
cp_onboarded | CafePop | Records that you've completed the onboarding flow | HTTP | Persistent |
Analytics Cookies
Analytics cookies help us understand how visitors interact with the Platform in aggregate — which features are most used, where users encounter difficulty, and how we can improve the overall experience. We only activate these cookies with your explicit consent.
All analytics data is anonymised before processing. We cannot identify individual users from analytics data. We use IP anonymisation, and analytics data is never combined with your profile data or shared with advertisers.
We currently use Google Analytics configured with IP anonymisation enabled and data sharing with Google advertising products disabled. We are evaluating a privacy-focused analytics alternative (such as Plausible or Fathom) as a replacement.
Analytics Cookies
Anonymous usage analytics to understand Platform performance and improve the experience. Only active with your consent.
| Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
_ga | Google / CafePop | Distinguishes unique users for anonymous aggregate analytics | HTTP | 2 years |
_ga_XXXXXXXXXX | Google / CafePop | Persists Google Analytics session state | HTTP | 2 years |
cp_anon_id | CafePop | Anonymous identifier for first-party usage analytics (no PII) | HTTP | 12 months |
cp_session_id | CafePop | Groups page views into a single anonymous session for analytics | HTTP | 30 minutes |
Cookies We Don't Use
For complete transparency, here is an explicit list of cookie categories that CafePop does not use — and never will as long as our subscription-based model remains in place.
We do not serve ads on CafePop and we do not use advertising cookies (including Google Ads, Facebook Pixel, or any retargeting technology). Your browsing behaviour on CafePop will never be used to serve you ads elsewhere.
We do not embed social media widgets (Facebook Like buttons, Twitter share buttons, etc.) that would allow social platforms to track you across the web. Any links to social media from our website open in a new tab without embedding tracking scripts.
We do not participate in cross-site tracking networks or data brokers. Cookies set by CafePop are only readable by cafepop.ch and its authorised subdomains.
We do not use canvas fingerprinting, WebRTC fingerprinting, or any other technique designed to identify your device without using cookies. Our security measures rely solely on standard session tokens.
We do not use cookies or scripts to obtain or store your precise GPS location. City-level location inference from IP address is used only for default city filter settings, and is not stored as a precise coordinate.
Managing Your Cookies
You have several ways to control the cookies stored on your device. Note that disabling strictly necessary cookies will prevent the Platform from functioning correctly.
Cookie Preference Centre
The easiest way to manage your cookie preferences is through the CafePop Cookie Preference Centre, accessible by clicking the "Cookie Settings" link in the Platform footer. From there you can enable or disable functional and analytics cookies at any time.
Browser Controls
You can also control cookies through your browser settings. Most browsers allow you to view, delete, and block cookies. However, blocking all cookies will prevent the Platform from working. Below are links to cookie management instructions for the main browsers:
Opt-Out of Analytics
To opt out of Google Analytics specifically (beyond using our Cookie Preference Centre), you can install the Google Analytics Opt-out Browser Add-on. This works across all websites that use Google Analytics, not just CafePop.
Consent
Under Swiss data protection law (nDSG) and the EU General Data Protection Regulation (GDPR — applicable to users in the EU/EEA), we are required to obtain your consent before placing non-essential cookies on your device.
How We Obtain Consent
When you first visit CafePop, we display a cookie consent banner that:
- Clearly explains what cookies we use and why.
- Allows you to accept all cookies, reject non-essential cookies, or customise your preferences.
- Does not use pre-ticked boxes or dark patterns — your default choice is the most privacy-protective option.
- Records your consent decision with a timestamp and version number in the cp_consent cookie.
- Allows you to change your mind at any time through the Cookie Preference Centre.
Withdrawing Consent
You can withdraw your consent for non-essential cookies at any time without any negative consequences to your use of the Platform. Withdrawing consent does not affect the lawfulness of cookie use before withdrawal.
To withdraw consent, open the Cookie Preference Centre from the Platform footer and update your settings. Changes take effect immediately.
We re-ask for your consent when we make material changes to our cookie usage, or after 12 months — whichever comes first.
Local Storage & Similar Technologies
In addition to HTTP cookies, CafePop may use browser local storage and session storage to store small amounts of data on your device. These technologies work similarly to cookies but are not transmitted to our servers automatically on every request.
localStorageStoring non-sensitive UI state such as sidebar collapsed/expanded status, dismissed notification banners, and onboarding progress. Data is only readable by cafepop.ch.
Persists until cleared by you or via account settings.
sessionStorageTemporary state for the current browser session, such as in-progress form data and navigation history within the app. Never contains personal data.
Automatically cleared when the browser tab is closed.
IndexedDBCurrently not used by CafePop for any purpose.
N/A
You can clear localStorage and sessionStorage data at any time through your browser's developer tools or by clearing your browsing data in browser settings.
Third-Party Cookies
Some cookies on the Platform are set by third-party services we use. We minimise third-party cookie usage to the absolute minimum necessary. Below is a complete list of third parties currently permitted to set cookies on CafePop:
sb-access-token, sb-refresh-token_ga, _ga_XXXXXXXXXXWe review our third-party cookie usage quarterly. Any new third-party cookie integration requires prior privacy assessment and will be disclosed in an updated version of this Policy before being activated.
Policy Updates
We may update this Cookie Policy periodically to reflect changes in our cookie usage, new legal requirements, or improvements to our practices. The date at the top of this Policy shows when it was last revised.
For material changes — such as introducing a new category of cookies or a new third-party service — we will:
- Update the version number and date at the top of this Policy.
- Display a new consent banner so you can review and re-confirm your preferences.
- Send an email notification to registered users if the change significantly affects their privacy.
Your continued use of the Platform after a Policy update constitutes acceptance of the updated terms, unless the change requires fresh consent (in which case, we will ask again before activating new cookies).
Contact Us
If you have any questions about our use of cookies or this Policy, please contact our Data Protection Officer:
Last updated: 1 January 2025 · Version 2.0
© 2026 CafePop Switzerland GmbH · All rights reserved.
