Version 2.0 — Effective date: 26 May 2026
This Cookie Policy explains what cookies and similar device-storage technologies are, how VivaShelf uses them, and your choices regarding them. It should be read together with our Privacy Policy.
Cookies are small text files placed on your device by a website. "Similar technologies" includes browser localStorage, IndexedDB, and service-worker caches, all of which fall within Article 5(3) of the ePrivacy Directive 2002/58/EC. Cookies set by the website you are visiting are called "first-party" cookies; cookies set by other domains are "third-party" cookies.
VivaShelf uses only strictly necessary cookies and local storage required for the service to function. We do not use analytics, advertising, behavioural-tracking, or cross-site cookies. Because these items are essential for the service you have requested, they fall within the "strictly necessary" carve-out of Article 5(3) of the ePrivacy Directive and do not require opt-in consent. We still display an informational notice for transparency.
Name: authjs.session-token. Purpose: Maintains your authenticated session so you remain signed in. Category: Strictly necessary. Duration: Session cookie (cleared when browser closes), or up to 30 days if you select "Remember me". Attributes: HttpOnly, Secure, SameSite=Lax. Provider: First-party.
Name: authjs.csrf-token. Purpose: Protects against cross-site request forgery attacks by validating that form submissions originate from our application. Category: Strictly necessary. Duration: Session. Attributes: HttpOnly, Secure, SameSite=Lax. Provider: First-party.
Name: NEXT_LOCALE. Purpose: Stores your preferred interface language so the correct translation is loaded on each visit. Category: Strictly necessary. Duration: 1 year. Attributes: Secure, SameSite=Strict. Provider: First-party.
Name: vivashelf_cookie_consent (localStorage). Purpose: Records that you have acknowledged the cookie notice so it is not shown again. Stores the acknowledgement timestamp and policy version. Category: Strictly necessary. Duration: Persistent until cleared. Storage: Browser localStorage. For authenticated users we additionally record the acknowledgement server-side in our consents table together with your timestamp, the policy version, IP address, and User-Agent, in order to evidence compliance under Article 7(1) GDPR.
VivaShelf is a Progressive Web App. The Serwist service worker installs in your browser and caches application assets in Cache Storage and a limited subset of your inventory data in IndexedDB so the app keeps working offline. This local storage is not transmitted to third parties and is cleared when you clear site data in your browser or via Settings → Privacy → Clear Local Cache.
VivaShelf does not set or load any third-party advertising, analytics, or tracking cookies. If you choose to sign in using Google OAuth, Google may set its own cookies on accounts.google.com during the authentication redirect — those cookies are governed by Google's privacy notice, not ours. Sentry, our error-monitoring sub-processor, is configured without session replay and does not set cookies in your browser when used in our default configuration.
You can manage or delete cookies and local storage through your browser settings. All major browsers allow you to view, block, and delete cookies, localStorage entries, IndexedDB databases, and service-worker registrations. Blocking strictly necessary items will prevent parts of the service from functioning correctly. To reset the cookie-notice acknowledgement, clear localStorage for vivashelf.com. For detailed instructions, consult your browser's help documentation.
For more information about how we handle your personal data, please see our Privacy Policy