Cookie Policy
Last updated: March 12, 2026. This page explains how s4p uses cookies and similar technologies for security, authentication, consent storage, and optional analytics under the ePrivacy rules and GDPR.
1. Technologies We Use
s4p uses a limited set of browser technologies:
- HTTP cookies required for secure session handling and CSRF protection.
- Browser local storage for cookie-consent preferences under
s4p_cookie_consent_v2. - Optional analytics cookies only after you explicitly grant consent.
We do not currently claim to use behavioral advertising cookies on this site as a default category. If that changes, this policy and the consent banner will be updated before activation.
2. Legal Basis and Consent Model
- Strictly necessary technologies: used under the ePrivacy strictly-necessary exemption and GDPR Article 6(1)(b) or 6(1)(f), because they are required for secure login, session continuity, CSRF protection, fraud prevention, and remembering your consent choices.
- Optional analytics: loaded only after consent under GDPR Article 6(1)(a). Analytics is disabled by default and can be withdrawn at any time.
Rejecting analytics does not prevent you from using the core public site or your account. It only stops optional analytics collection from that browser context.
3. Current Cookie and Storage Categories
Strictly Necessary
| Name | Provider | Typical Duration | Purpose |
|---|---|---|---|
| sessionid | First-party | Session, 1 day, 7 days, or 30 days depending on sign-in choice | Maintains authenticated session state after sign-in. |
| csrftoken | First-party | Framework-defined, commonly up to 1 year | Protects forms and authenticated requests against CSRF attacks. |
| s4p_cookie_consent_v2 | Browser local storage | Until changed or cleared by the user | Stores your analytics-consent preference for this browser. |
Optional Analytics
Only loaded when a Google Tag Manager or Google Analytics ID is configured and you have opted in.
| Name | Provider | Typical Duration | Purpose |
|---|---|---|---|
| _ga, _ga_* | Google, if configured | Provider-defined, often up to 2 years | Aggregated traffic, engagement, and performance analytics. |
4. Third Parties and Transfers
If s4p enables Google Tag Manager or Google Analytics, those providers may process analytics data outside the EEA, including in the United States, subject to the transfer safeguards described in our Privacy Policy.
If you use payment pages or embedded checkout, payment processors such as Stripe may set their own technical or anti-fraud cookies on their domains. Those technologies are governed by the relevant provider's own notices in addition to this policy.
5. Managing and Withdrawing Consent
- Use the cookie banner to accept or reject optional analytics.
- Reopen the preference panel at any time using the button below.
- Clear cookies or local storage in your browser to reset existing choices.
- Withdrawing consent stops future optional analytics events from being sent from that browser context.
6. Retention and Browser Control
Session cookies expire at the end of the browser session unless you select a remembered session duration at sign-in. Persistent cookies follow their configured lifespan unless deleted earlier.
Local storage consent state remains until you update it or clear browser storage. Optional third-party analytics cookie duration is controlled by the provider unless you remove those cookies through browser tools.
7. Policy Updates
We update this policy when our cookie usage, analytics setup, or legal obligations change.
Material changes are reflected on this page with a new Last updated date and, where appropriate, renewed consent prompts.