Cookie Policy

1. What are cookies?

Cookies are small text files stored on the user's device (computer, smartphone, tablet) while browsing websites.

Cookies allow:

• Remembering user preferences and settings,
• Maintaining a logged-in user's session,
• Collecting statistical data about how the service is used,
• Adapting service content to individual user needs.

Cookies do not damage the user's device or files stored on it. They also cannot access data stored on the user's disk.

2. What cookies do we use?

The RawPicker Service (rawpicker.com and api.rawpicker.com) uses the following types of cookies:

• Essential cookies -- enable the use of basic service functions, including login and user authentication. Without these cookies, the Service cannot function properly.

Types of cookies based on storage time:

• Session cookies -- deleted after closing the browser or ending the user session,
• Persistent cookies -- remain on the user's device for a specified time or until manually deleted.

3. Purpose of cookie use

Cookies are used in the Service for the following purposes:

• Authentication and session management: maintaining a logged-in user's session, ensuring login security, preventing unauthorized access to the user account.
• Security: protection against CSRF (Cross-Site Request Forgery) attacks, ensuring data transmission integrity and confidentiality.

4. Detailed description of cookies used

4.1. Essential cookies

Essential cookies are activated automatically and do not require user consent, as they are necessary for the proper operation of the Service.

5. Similar technologies

5.1. localStorage

In addition to cookies, the Service uses localStorage technology (local data storage in the browser). localStorage works similarly to cookies, but data is stored indefinitely until manually deleted by the user or cleared via browser settings.

The rawpicker-cookie-consent value is used by the hasAcceptedCookies() function in the Service code to determine the user's preference regarding non-essential cookies.

5.2. Web beacons and tracking pixels

The RawPicker Service does not use tracking pixels (web beacons / tracking pixels).

6. Legal basis for using cookies

The legal basis for using cookies and similar technologies is:

• ePrivacy Directive (Directive 2002/58/EC as amended by Directive 2009/136/EC),
• Polish Act of 18 July 2002 on the provision of electronic services, in particular Article 173,
• GDPR -- Regulation (EU) 2016/679 -- regarding the processing of personal data through cookies.

6.2. Essential cookies

Essential cookies required for service provision (the session cookie connect.sid) do not require user consent in accordance with Article 173(3) of the Polish Act on the provision of electronic services.

The legal basis for their processing is:

• Article 6(1)(b) GDPR -- processing is necessary for the performance of a contract,
• Article 6(1)(f) GDPR -- the Controller's legitimate interest in ensuring proper operation and security of the Service.

7. Managing cookies

7.1. Consent mechanism in the Service

On the first visit to the Service, the user is presented with an information banner (cookie banner) at the bottom of the page with two options:

• "Accept" -- consent. The choice is saved in localStorage.
• "Decline" -- refusal of consent. The choice is saved in localStorage and the banner is hidden.

7.2. Browser settings

Users can change cookie settings in their web browser at any time:

• Google Chrome: Settings → Privacy and security → Cookies and other site data
• Mozilla Firefox: Settings → Privacy and security → Cookies and site data
• Microsoft Edge: Settings → Cookies and site permissions
• Safari: Preferences → Privacy → Manage website data
• Opera: Settings → Privacy and security → Cookies

7.3. Consequences of disabling cookies

Disabling essential cookies:

• May cause some Service features to not work properly,
• Will prevent logging into the user account,
• May limit access to features requiring authentication.

7.4. Deleting cookies

Users can delete cookies stored on their device at any time using browser settings.

To reset the cookie consent choice, the user can also delete the rawpicker-cookie-consent key from the browser's localStorage (e.g., using browser developer tools: F12 → Application → Local Storage).

Note: Deleting cookies may result in the need to log in to the Service again and the cookie consent banner being displayed once more.

8. Third-party cookies

The Service may use third-party cookies in the following cases:

8.2. Google OAuth

When logging in through Google, Google cookies may be used to authenticate the user. Google may store its own cookies on the user's device as part of the OAuth 2.0 authentication process.

Google Privacy Policy: https://policies.google.com/privacy

8.3. PayProGlobal

When making payments for Service subscriptions, the user is redirected to the PayProGlobal payment system (loaded within an iframe). PayProGlobal may use its own cookies for the purpose of:

• Ensuring transaction security,
• Fraud prevention,
• Proper payment processing.

PayProGlobal Privacy Policy: https://payproglobal.com/privacy-policy

8.4. PostHog (backend error monitoring)

The Service uses PostHog (EU server: eu.i.posthog.com) for backend error monitoring, crash reporting, and feature flag management. PostHog is used exclusively server-side (posthog-node SDK) -- it does NOT set cookies or similar technologies in the user's browser.

PostHog Privacy Policy: https://posthog.com/privacy

8.5. General information

The Controller has no control over third-party cookies. Users should familiarize themselves with the privacy policy and cookie policy of the external service providers listed above.

9. US requirements -- CalOPPA and Do Not Track signals

9.1. California Online Privacy Protection Act (CalOPPA)

In accordance with the California Online Privacy Protection Act (CalOPPA), we inform that:

• Users may visit the Service anonymously (without creating an account),
• This Cookie Policy is accessible from the Service homepage and via a link in the website footer,
• Users are notified of any changes to the Cookie Policy through the update of the last modification date,
• Users can change their personal information after logging into their account in the Service.

9.2. Do Not Track (DNT) signals

The RawPicker Service honors Do Not Track signals sent by the user's browser.

Please note that some third-party services (e.g., Google during the OAuth process) may not honor the DNT signal. The Controller has no control over how third-party services respond to DNT signals.

10. Changes to the Cookie Policy

The Controller reserves the right to make changes to this Cookie Policy in case of:

• Changes in laws regarding cookies and privacy,
• Implementation of new technologies and tools,
• Changes in the way cookies are used in the Service,
• Changes in the scope or nature of services provided within the Service.

Users will be informed of any changes through publication of the new version of the Cookie Policy in the Service with the date of the last update.

The current version of the Cookie Policy is always available at: rawpicker.com/cookie-policy.

11. Contact

If you have questions regarding this Cookie Policy or the use of cookies in the Service, please contact:

HexBit - Wojciech Osak
ul. Herbu Janina 9A/25, 02-972 Warsaw, Poland
Tax ID (NIP): 5381859620
Email: admin@rawpicker.com

The Controller will make every effort to respond to all inquiries as soon as possible, no later than 30 days from receiving the inquiry.