# Cookie Policy
## Remotica

**Last Updated:** October 17, 2025
**Version:** 1.0

---

## 1. Introduction

This website (https://remotica.app) uses cookies and similar technologies to improve user experience, provide essential functionality, and analyze platform usage.

This Cookie Policy explains what cookies are, which cookies we use, why we use them, and how you can manage them.

**By reading this Cookie Policy you accept the use of cookies as described.**

---

## 2. What Are Cookies

**Cookies** are small text files stored on your device (computer, smartphone, tablet) when you visit a website.

Cookies allow the website to:
- Remember your preferences (e.g., selected language)
- Keep your login session active
- Analyze how users use the site
- Improve security and prevent fraud

### 2.1 Types of Cookies

**First-Party Cookies:**
- Set directly by Remotica
- Essential for site functionality

**Third-Party Cookies:**
- Set by external services (e.g., Stripe for payments)
- Used for specific functionalities

**Session Cookies:**
- Temporary, deleted when you close the browser
- Used to manage browsing session

**Persistent Cookies:**
- Remain on device for a determined period
- Used to remember preferences across visits

---

## 3. Cookies Used by Remotica

### 3.1 Essential Technical Cookies (Always Active)

These cookies are **strictly necessary** for site functionality and **DO NOT require consent** under GDPR.

| Cookie Name | Purpose | Duration | Type |
|-------------|---------|----------|------|
| `auth_token` | User authentication management (JWT) | 24 hours | First-party, HTTP-only |
| `csrf_token` | CSRF protection (Cross-Site Request Forgery) | Session | First-party, Secure |
| `locale` | Save selected language | 12 months | First-party |
| `session_id` | Browsing session identification | Session | First-party |

**You cannot disable these cookies** without compromising site functionality.

### 3.2 Analytics Cookies (Anonymized - Do Not Require Consent)

Remotica uses internal analytics to understand platform usage.

| Cookie Name | Purpose | Duration | Type |
|-------------|---------|----------|------|
| `_remotica_analytics` | Page visit tracking (anonymized IP) | 13 months | First-party |
| `_remotica_visitor` | Unique visitor identification (anonymous) | 13 months | First-party |

**Collected data (anonymous):**
- Pages visited
- Time spent
- Device used (desktop/mobile)
- Browser and operating system
- Anonymized IP (last octet removed)

**We DO NOT collect:**
- Identifiable personal data
- Precise GPS coordinates
- External browsing history

These cookies are configured to comply with GDPR and **DO NOT require consent** because fully anonymized.

### 3.3 Third-Party Cookies (External Services)

#### Stripe (Payments)

**Provider:** Stripe, Inc. (Ireland for EU users)
**Purpose:** Process secure payments via Stripe Checkout

| Cookie Name | Purpose | Duration |
|-------------|---------|----------|
| `__stripe_mid` | Merchant identification for fraud prevention | 12 months |
| `__stripe_sid` | Stripe checkout session | 30 minutes |

**Stripe Privacy Policy:** https://stripe.com/privacy

#### Railway (Hosting)

**Provider:** Railway Corp. (USA)
**Purpose:** Provide hosting infrastructure

| Cookie Name | Purpose | Duration |
|-------------|---------|----------|
| No cookies set directly | Railway does not set client-side cookies | N/A |

---

## 4. Cookies NOT Used (For Transparency)

**Remotica does NOT use:**

❌ **Marketing/Advertising Cookies:**
- No Google Ads, Facebook Pixel, or similar
- No retargeting or behavioral advertising

❌ **Social Media Cookies:**
- No Facebook, Twitter, Instagram tracking
- Social buttons NOT tracking (if implemented)

❌ **Profiling Cookies:**
- No behavioral profiling
- No user profiles for personalized advertising

---

## 5. How to Manage Cookies

### 5.1 Management via Browser

You can control and manage cookies through your browser settings.

**Chrome:**
1. Settings → Privacy and security → Cookies and other site data
2. Block third-party cookies or all cookies

**Firefox:**
1. Settings → Privacy and security → Cookies and site data
2. Choose custom settings

**Safari:**
1. Preferences → Privacy → Manage website data
2. Remove cookies or block all

**Edge:**
1. Settings → Cookies and site permissions → Cookies and stored data
2. Block third-party cookies

**⚠️ Warning:** Disabling essential technical cookies will prevent Remotica from functioning correctly (e.g., login, bookings, payments).

### 5.2 Management via Opt-Out

**Remotica Analytics:**
- Cookies already anonymized by default
- No opt-out necessary (GDPR-compliant)

**Stripe:**
- Stripe cookies are essential for payments
- Disabling them prevents transactions

### 5.3 Do Not Track (DNT)

Remotica respects the "Do Not Track" (DNT) browser signal when possible, although this standard is not universally implemented.

---

## 6. Technologies Similar to Cookies

### 6.1 Local Storage and Session Storage

Remotica uses **HTML5 Web Storage** to improve user experience:

| Storage Key | Purpose | Duration | Type |
|-------------|---------|----------|------|
| `ipLocation` | Save IP geolocation to recenter map | Persistent | Local Storage |
| `userPreferences` | UI preferences (e.g., list/map view mode) | Persistent | Local Storage |
| `authData` | Temporary authentication data | Session | Session Storage |

**Differences from cookies:**
- Not automatically sent to server
- Greater storage capacity
- Only accessible via client-side JavaScript

### 6.2 Pixel Tags and Web Beacons

**NOT currently implemented** - Remotica does not use invisible pixels or web beacons for tracking.

---

## 7. Cookie Duration and Expiration

| Cookie Category | Maximum Duration | Renewal |
|-----------------|------------------|---------|
| Essential technical cookies | 24 hours - 12 months | Automatic at each login |
| Analytics cookies | 13 months | Automatic on visit |
| Stripe cookies | 12 months | Managed by Stripe |

**Automatic cleanup:**
- Session cookies: deleted on browser close
- Expired cookies: automatically removed by browser

---

## 8. Cookie Policy Updates

This Cookie Policy may be updated to reflect:
- Technical changes to the site
- New features requiring additional cookies
- Regulatory updates (GDPR, ePrivacy)

**In case of substantial changes:**
- "Last updated" date updated
- Banner notification on site for 30 days
- Email to registered users (for significant changes)

**User obligation:** Periodically check this Cookie Policy to stay informed.

---

## 9. Legal Basis (GDPR)

Remotica's use of cookies is based on:

**a) Legitimate interest (Art. 6.1.f GDPR):**
- Essential technical cookies for security and functionality
- Anonymized analytics to improve service

**b) Explicit consent (Art. 6.1.a GDPR):**
- Marketing/advertising cookies (if implemented in future)
- Profiling cookies (not used)

**c) Contract performance (Art. 6.1.b GDPR):**
- Cookies necessary to process bookings and payments

---

## 10. Cookies and Privacy

### 10.1 Personal Data Protection

Remotica implements measures to protect data collected via cookies:
- **HTTPS encryption** for all transmitted data
- **HTTP-only flag** for sensitive cookies (not accessible via JavaScript)
- **Secure flag** for cookies transmitted only on secure connections
- **SameSite attribute** to prevent CSRF attacks

### 10.2 User Rights

You have the right to:
- **Access** data collected via cookies
- **Delete** cookies from your device
- **Object** to use of non-essential cookies
- **Withdraw consent** for cookies that require it

To exercise these rights, contact privacy@remotica.com.

---

## 11. Cookies and Minors

Remotica is not intended for persons under 18 years old. We do not knowingly collect data via cookies from minors without parental consent.

If a parent/guardian discovers that a minor has provided data, they can contact privacy@remotica.com for immediate deletion.

---

## 12. Links to External Sites

The Remotica site may contain links to external sites (e.g., social media, partners). Remotica is **NOT responsible** for the cookie policies of third-party sites. We invite you to read the cookie policies of sites you visit.

---

## 13. Contact

For questions about this Cookie Policy:

**Email:** privacy@remotica.com
**Subject:** Cookie Policy - [your question]

**Postal Address:**
[To be completed with registered office address]

**Response time:** Within 30 working days.

---

## 14. Brief Summary (TL;DR)

✅ **Essential Cookies:** Always used for login, security, language (no consent required)
✅ **Analytics:** Anonymized, masked IPs (no consent required)
✅ **Stripe:** Third-party cookies for secure payments (essential)
❌ **Marketing:** NOT used
❌ **Social Tracking:** NOT used
✅ **Control:** Manage cookies from browser settings
✅ **Privacy:** GDPR-compliant, complete transparency

---

**END OF COOKIE POLICY**

---

## IMPLEMENTATION NOTES

**Before publishing this Cookie Policy:**

1. ✅ Complete [To be completed] fields with real data
2. ✅ Implement cookie consent banner (even though many cookies don't require consent)
3. ✅ Test that technical cookies function correctly
4. ✅ Verify compliance with Italian Data Protection Authority Cookie Guidelines
5. ✅ Ensure IT (Italian) version equivalence
6. ✅ Add link in footer and Privacy Policy
7. ✅ Monitor actually set cookies (dev tools → Application → Cookies)

**Italian Data Protection Authority Compliance:**
- Essential technical cookies: ✅ No consent required
- Anonymized analytics cookies: ✅ No consent required (if truly anonymous)
- Stripe cookies: ⚠️ Verify with Stripe if they require explicit consent in EU
- Marketing cookies: ✅ NOT used (if implemented in future = consent required)

**Best Practice:**
- Even if many cookies don't require consent, good practice to show informative banner with link to Cookie Policy
- Banner can be "informative" (just "OK") rather than "consent" (OK/Reject) if only technical/anonymous analytics cookies