1. Short version

ViveQode uses only technically necessary cookies. We do not set advertising cookies, retargeting pixels or social-media trackers. Therefore, a consent banner is not required under GDPR/ePrivacy.

2. Cookies we set

The following cookies are technically necessary for the operation of the platform. Legal basis: Art. 6 (1) (b) GDPR (contract performance) and Art. 6 (1) (f) GDPR (legitimate interest in operating a secure service).

Cookie name	Purpose	Duration	Type
next-auth.session-token	Stores the encrypted login session	30 days (or until logout)	Necessary
next-auth.csrf-token	Protects forms against CSRF attacks	Session (browser close)	Necessary
ls-locale	Stores selected language (de/en)	1 year	Necessary
ls-cart	Stores shop cart contents during the session	Session / 7 days	Functional

3. Analytics — without cookies

If we use web analytics (currently planned: Plausible.io), this works completely without cookies or fingerprinting. Plausible is hosted in the EU and does not store personal data. Therefore, no consent is required under GDPR or ePrivacy.

4. Third-party services

ViveQode uses the following external services that may set cookies or process IP addresses:

Stripe — Payment processing. Stripe sets its own cookies during the checkout process. More at stripe.com/privacy.
Cloudflare — CDN and DDoS protection. Cloudflare may set a security cookie (__cf_bm). More at cloudflare.com/privacypolicy.
Google Fonts — Fonts are loaded at build time and served by our own CDN. No connection to Google servers at runtime.

5. Your rights

Since we do not set advertising or tracking cookies, there is no opt-out required. You can delete the technically necessary cookies at any time in your browser settings. This will also log you out of your account.

For further questions about data protection, please contact: datenschutz@viveqode.com