Cookie Policy

Last updated: June 2025

Cookie Policy

This Cookie Policy explains how QUEER MEDIA LITERACY e.V. ("Queer Alliance") uses cookies on our platform. We use only essential cookies that are necessary for our platform to function - no tracking, advertising, or analytics cookies that require your consent.

1. What Are Cookies

Cookies are small text files stored on your device when you visit our website. We only use essential cookies that are necessary for our platform to function:

Secure login sessions - Keep you logged in safely
Multi-language support - Remember your language choice for navigation
Payment security - Fraud prevention during donations
No tracking - We don't use cookies to track your behavior

2. Types of Cookies We Use

Essential Cookies (The Only Cookies We Use)

All our cookies are essential - they're required for the platform to work and don't require your consent under GDPR:

Login Security: Session tokens to keep you securely logged in
Payment Protection: Stripe fraud prevention during donations
Language Support: Remember your language choice for site navigation
No Tracking: We don't use cookies to collect personal data or track behavior

User Preferences (Stored in Your Account, Not Cookies)

Privacy by design: We store your preferences in your secure account profile, not in tracking cookies:

Language & Theme: Saved to your account profile, accessible across devices
Accessibility Settings: Stored securely in your database profile
Better Privacy: Account-based storage means no tracking cookies needed

Analytics (Completely Cookie-Free)

We use Vercel Web Analytics - a privacy-first solution that uses zero cookies:

No Cookies: Uses anonymous hash-based visitor identification
Privacy First: Hash resets every 24 hours, no cross-site tracking
Anonymous Only: Aggregated statistics, no personal data
No Consent Needed: Compliant by design, no cookies means no consent required

Payment Processing Cookies (Essential for Payments)

Stripe payment processor uses essential cookies during payment processing:

Fraud prevention: __stripe_mid (1 year), __stripe_sid (30 minutes)
Payment security: Essential for secure transaction processing
Session management: Maintain payment state during checkout process

3. Third-Party Services and Their Cookies

We work with GDPR-compliant partners who may set cookies when you use their services:

Stripe (Payment Processing)

Purpose: Secure payment processing for donations and memberships

Cookies: Essential cookies: __stripe_mid, __stripe_sid (fraud prevention, security)

Privacy: Privacy Policy: stripe.com/privacy | Cookie Policy: stripe.com/legal/cookies-policy

Legal basis: Used only during payment processing (legitimate interest for contract performance)

Vercel Analytics (Website Analytics)

Purpose: Privacy-focused website analytics and performance monitoring

Cookies: No cookies used - hash-based anonymous visitor identification

Privacy: Privacy Policy: vercel.com/legal/privacy-policy

Legal basis: No consent required as no personal data or cookies are used

Supabase (Authentication & Database)

Purpose: Secure user authentication and data storage

Cookies: Session cookies for authentication (essential for login functionality)

Privacy: Privacy Policy: supabase.com/privacy

Legal basis: Essential cookies for contract performance (no consent required)

4. Why We Don't Need Cookie Consent

No consent required - all our cookies are essential for functionality:

Essential Only: All cookies necessary for login, payments, and navigation
No Tracking: We don't use advertising, analytics, or behavioral cookies
GDPR Compliant: Essential cookies are exempt from consent requirements
Privacy by Design: Minimal data collection, maximum user privacy
Transparent: We tell you exactly what we use and why

5. Browser Cookie Controls

You can control cookies through your browser settings. Note that disabling essential cookies may prevent login and payment functionality:

Chrome: Settings > Privacy and Security > Cookies and other site data
Firefox: Options > Privacy & Security > Cookies and Site Data
Safari: Preferences > Privacy > Cookies and website data
Edge: Settings > Site permissions > Cookies and site data

Important: Disabling essential cookies will prevent login, payments, and core functionality

6. Detailed Cookie List

Complete list of cookies that may be set on your device:

Essential Cookies (Required for Functionality)

Cookie NamePurpose:DurationLegal basis:
sb-[project]-auth-tokenSupabase authentication session token (secure login)1 hour (auto-refresh)Contract performance (essential for user account access)
__stripe_midStripe fraud prevention (payment security)1 yearLegitimate interest (fraud prevention during payments)
__stripe_sidStripe session management (payment process)30 minutesContract performance (essential for payment processing)
NEXT_LOCALENext.js locale routing (language URL routing)1 yearContract performance (essential for multi-language functionality)

Functional Cookies (Currently None)

We do NOT use functional cookies. User preferences are stored securely in your database profile instead of cookies, providing better privacy and persistence across devices.

Analytics (No Cookies)

Vercel Web Analytics uses privacy-friendly, cookie-free analytics that do not require consent under GDPR.

7. Legal Basis for Cookie Processing

Our cookie usage complies with GDPR Article 6 and ePrivacy Directive Article 5(3):

Essential cookies: Legitimate interest (Article 6(1)(f)) for platform functionality and security
Payment cookies: Contract performance (Article 6(1)(b)) for processing transactions
Functional cookies: Consent (Article 6(1)(a)) for enhanced user experience
Consent cookies: Legal obligation (Article 6(1)(c)) for GDPR compliance record-keeping
Analytics: No legal basis required (no cookies or personal data processed)

8. Data Protection and Cookie Rights

Your cookie-related data protection rights under GDPR:

Right of access: Request information about cookies set on your device
Right to rectification: Correct inaccurate cookie preference records
Right to erasure: Delete cookie consent records (contact admin@queer-alliance.com)
Right to restriction: Limit cookie processing to essential only
Right to object: Object to non-essential cookies (withdraw consent)
Data portability: Receive your cookie consent history in structured format

9. Updates to This Cookie Policy

We may update this Cookie Policy to reflect legal or technical changes:

Notification: Email notification for material changes affecting your rights
New consent: Request updated consent for new cookie types or purposes
Effective date: Changes take effect 30 days after notification unless urgent
Version control: Previous versions available upon request

10. Contact Us About Cookies

For questions about our cookie practices or to exercise your rights:

Data Protection Officer: admin@queer-alliance.com

Response within 30 days as required by GDPR Article 12

Supervisory Authority: Österreichische Datenschutzbehörde (dsb.gv.at)

QUEER MEDIA LITERACY e.V., 1060 Wien, Mariahilfer Straße 49/15, Austria