Cookie Policy
Effective from: [TO BE FILLED ON PUBLIC LAUNCH] Version: 1.0
This policy explains what cookies we use on the Alba loyalty website and why. It's a companion to our Privacy Policy.
1. What cookies are
Cookies are small text files that a website saves on your device when you visit. They are used by almost every website. Most cookies do one of three things: keep you logged in, remember a preference you set, or track your behaviour across the web.
We use only the first two kinds. We do not use tracking cookies.
2. The cookies we use
| Cookie | Set by | Purpose | Duration | Consent required |
|---|---|---|---|---|
| Session | Better Auth (our authentication system) | Keeps you logged in to your account | Session, or 30 days if "remember me" is selected | No |
| Language | Our website | Remembers whether you chose PT or EN | 12 months | No |
| CSRF token | Next.js (our framework) | Protects forms from cross-site attacks | Session | No |
__cf_bm | Cloudflare | Bot management; protects the site from automated abuse | 30 minutes | No |
All cookies above are either strictly necessary for the service to work (you cannot log in without the session cookie, your forms cannot be submitted safely without the CSRF token, the site cannot defend against bots without Cloudflare's cookie), or functional in the sense that they remember a preference you actively expressed (your language choice).
3. Why we don't show a consent banner
Under Portuguese ePrivacy law (Lei 41/2004) and EDPB guidance, websites only need to ask for cookie consent for cookies that are not strictly necessary or not explicitly requested by the user.
Because we use only the cookies listed above — and none of them are analytics, advertising, or tracking — we are not required by law to display a consent banner. If we ever add a non-necessary cookie in the future (for example, if we add analytics), we will introduce a proper consent mechanism at that point and update this policy.
4. How to control cookies
You can control or delete cookies in your browser settings at any time. Each browser is slightly different:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies
Blocking the session cookie will prevent you from staying logged in to your account. Blocking the CSRF or Cloudflare cookies may prevent forms from working or the site from loading properly.
5. Third-party cookies
We do not allow any third-party advertising or tracking cookies on this website. The Cloudflare __cf_bm cookie is set by Cloudflare for security purposes only, as described above; it is not used for tracking.
6. Changes to this policy
If we add a new cookie or change how an existing one is used, we will update this policy and the version number at the top.
7. Contact
For any question about this policy, write to loyalty@albalisbon.com.
For more on how we handle your personal data overall, see our Privacy Policy.