Cookie Policy

This policy describes the use of cookies and similar technologies (local storage, sessions) by the RepForm service. It complements the Privacy Policy.

1. What is a cookie?

A cookie is a small text file placed by a website on your device (computer, mobile, tablet) during navigation. It allows information to be remembered between two pages or two visits, such as a connection session or display preferences. Cookies may be placed by the visited site (first-party cookies) or by a third party (third-party cookies).

2. Cookies used by RepForm

RepForm uses exclusively cookies and storage strictly necessary for the operation of the service, exempt from prior consent collection in accordance with CNIL guidance No. 2020-091 of 17 September 2020 and Article 82 of the French Data Protection Act. In particular: (a) Supabase authentication session cookies (sb-*-auth-token prefixes) — purpose: maintain your logged-in session — duration: 1 hour for the access token, up to 30 days for the refresh token; (b) language preference cookie (NEXT_LOCALE) — purpose: keep your FR/EN choice between visits — duration: 1 year; (c) cookie-banner-display cookie (repform-cookie-consent) — purpose: avoid re-displaying the banner on every page after acceptance or refusal — duration: 6 months; (d) browser local storage (localStorage) for interface state, draft reports in progress and display preferences — variable duration, cleared on logout or manual deletion.

3. Audience measurement cookies

RepForm currently uses no advertising cookies or third-party tracking cookies (Google Analytics, Meta Pixel, LinkedIn Insight Tag, etc.). No non-exempted third-party audience measurement is currently active. If an anonymous audience measurement tool compliant with CNIL guidance (Plausible Analytics, Matomo in exempted mode, or equivalent) were deployed in the future, this policy would be updated and an appropriate consent banner would be put in place if required.

4. Essential third-party technical cookies

Some cookies may be placed by our technical sub-processors for the proper operation of the service: (a) Stripe — when subscribing to a paid plan, Stripe places its own security, authentication and fraud prevention cookies (m, __stripe_mid, __stripe_sid); (b) Vercel — may place an instance identification cookie to ensure session consistency and performance. These cookies are strictly necessary for securing transactions and the operation of the service; they fall within the consent exemption set by the CNIL.

5. Management and disabling

You can configure your browser to refuse all or some cookies. However, refusing strictly necessary cookies (notably authentication) will make the service unusable. To manage cookies, refer to your browser's help: Chrome (support.google.com/chrome/answer/95647), Firefox (support.mozilla.org/en-US/kb/cookies), Safari (support.apple.com/HT201265), Edge (support.microsoft.com/en-us/windows/delete-and-manage-cookies-168dab11).

6. Retention period for data generated by cookies

Data generated by cookies (notably access logs linked to a session) is retained for the durations indicated in the Privacy Policy. The cookies themselves have the lifetimes indicated in section 2 above.

7. Your rights

You have at all times the rights described in the Privacy Policy (access, rectification, erasure, objection) for personal data that may be collected via cookies. To exercise these rights, contact privacy@repform.app.

8. Policy updates

This policy may evolve to reflect changes in our technical practices or regulations. The date of the last update is shown at the top of the page. Any substantial change (adding a cookie subject to consent, for example) will be signalled by a new information banner.