COOKIE POLICY
> This is a courtesy English translation of the Italian original. In case of any discrepancy or conflict, the Italian version prevails.
Version in force from 11 July 2026
This Cookie Policy explains how Splax (Owner: Tomas Garulli — family sole proprietorship pursuant to art. 230-bis of the Italian Civil Code, Tax Code GRLTMS69P24G337G, VAT No. 02281470340, registered office Strada Tamborino 4, 43024 Bazzano (Parma), Italy — support@splax.app) uses cookies and similar technologies on the websites splax.app and splax.io (the "Sites"), in implementation of:
- Regolamento (UE) 2016/679 ("GDPR");
- D.lgs. 196/2003 as amended by D.lgs. 101/2018 (the "Privacy Code");
- the Guidelines on cookies and other tracking tools of the Italian Data Protection Authority (Garante) of 10 June 2021.
The Cookie Policy is an integral part of the Privacy Policy.
1. WHAT COOKIES ARE
Cookies are small text files that the websites visited store on the user's device (computer, tablet, smartphone) in order to enable or improve certain functions, to store preferences, for statistical purposes, or to personalise content and advertising.
The term "cookie" also includes other similar tracking tools (pixels, web beacons, browser local storage and session storage identifiers, fingerprinting).
Cookies may be:
- first party: set directly by the visited domain (e.g. splax.app, splax.io);
- third party: set by different domains (e.g. stripe.com, firebase.com) when components managed by other providers are integrated on the Site.
A further distinction is made between:
- session cookies: deleted when the browser is closed;
- persistent cookies: stored for a defined period of time.
2. TYPES OF COOKIES USED
Technical (necessary) cookies
They do not require consent pursuant to art. 122 of the Privacy Code. They are essential to the operation of the Site.
| Name (indicative) | Purpose | Duration | Provider |
|---|---|---|---|
| sb-access-token / sb-refresh-token | Management of the authenticated user's session (Supabase Auth) | Session / until logout or expiry | First party (Supabase) |
| sb-provider-token | Support for the OAuth/PKCE flow | Session | First party (Supabase) |
| splax-locale | Storage of the interface language (Italian/English/French/Spanish/German) | 12 months | First party |
| splax-theme | Storage of the preferred theme (light/dark) | 12 months | First party |
| cookieconsent-status / cc_statement | Storage of the choice made in the cookie banner (if active) | 6-12 months | First party |
| csrf-token | Prevention of CSRF attacks | Session | First party |
Note: the web version (splax.io) uses technical and functionality cookies, for which no prior consent is required pursuant to art. 122 of the Privacy Code, and — for advertising — Google AdSense, which installs third-party profiling cookies and identifiers only with the User’s prior consent, collected and revocable at any time through the Consent Management Platform (CMP) compliant with the Guidelines of the Garante of 10 June 2021 (see “Advertising and profiling cookies”); without consent, AdSense shows only non-personalized ads. The mobile app does not use browsing cookies but displays ads via Google AdMob, based on the device’s advertising identifiers (IDFA on iOS subject to ATT authorization, Advertising ID on Android), manageable from the device settings, as described in paragraph 2.6 and in Section 17 of the Privacy Policy.
Functionality cookies
Not strictly indispensable, but necessary for an enriched user experience.
| Name (indicative) | Purpose | Duration | Provider |
|---|---|---|---|
| splax-last-location | Stores the last position/search on the map for restoration | 30 days | First party |
| splax-recent-searches | Saving of recent searches in the marketplace | 30 days | First party |
Third-party cookies
They are activated when third-party components integrated on the Site are used.
| Provider | Purpose | Type | Info |
|---|---|---|---|
| Stripe (stripe.com, js.stripe.com, q.stripe.com) | Payment management, fraud detection, Radar (anti-fraud) | Technical (for transactions) and anti-fraud (legitimate interest) | https://stripe.com/cookies-policy/legal |
| Firebase / Google (if used in the web environment) | Sending of push notifications (Web Push) subject to user activation, diagnostics | Functional / technical | https://firebase.google.com/support/privacy |
| Mapbox (if invoked on the Site for maps) | Loading of map tiles | Functional | https://www.mapbox.com/legal/privacy |
| Apple / Google App Store badges (if present on the showcase site) | Buttons linking to the respective stores | Technical — request for images | respective policies |
Analytics cookies
As of today, the Owner does not use Google Analytics or other third-party analytics tools with web profiling. Should they be activated, they would be configured for maximum privacy protection (masked IP, anonymisation, prior opt-in) and would be listed in this section with an update of the Cookie Policy.
Advertising and profiling cookies
As of 11 July 2026, the web version of Splax integrates Google AdSense for the display of third-party advertisements. AdSense sets the following cookies and identifiers (the precise list may vary over time; the following is a summary of Google's official documentation):
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| __gads | Google AdSense (doubleclick.net) | Measures ad impressions and frequency per browser profile | 13 months | Profiling |
| __gpi | Google AdSense | Google-side advertising profile identifier | 13 months | Profiling |
| IDE | DoubleClick (Google) | Tracking of post-view/click actions | 13 months | Profiling |
| ANID | Aggregated identifier for personalised ads | 13 months | Profiling | |
| NID | Google user preferences (also on other services) | 6 months | Technical/profiling | |
| _gads, _gac | Conversion tracking, optimisation | 13 months | Profiling | |
| Local storage __eoi | Google AdSense | Funding Choices status (integrated CMP) | persistent | Technical CMP |
Such cookies are disabled by default when the site is opened: they are installed only after the User gives explicit consent through the Cookie Management Platform (CMP) banner upon entering the Site or through the "Manage cookie preferences" item in the footer.
In the event of refusal/withdrawal of consent, AdSense continues to display ads but in non-personalised mode (contextual, based only on the page viewed and the IP for approximate geolocation purposes), with reduced data collection.
The User may also disable personalised ads across the board by visiting https://adssettings.google.com.
For details on the processing carried out by Google, please refer to:
2.6 Advertising in the mobile app (Google AdMob)
The iOS/Android mobile application uses Google AdMob to display native ads (in the marketplace/forum lists) and optional video ads ("rewarded") in the BB Points section. AdMob does not use HTTP cookies in the strict sense but operating system advertising identifiers (IDFA on iOS, AAID on Android). The management of consent and of access to such identifiers is governed:
- On iOS by the App Tracking Transparency (ATT) prompt shown at first launch or upon activation of the ads;
- On Android by the Google settings → Ads → "Advertising ID" / "Personalised ads".
Please refer to Section 17 of the Privacy Policy for details.
3. LEGAL BASES AND CONSENT
- Technical cookies do not require consent (art. 122 of the Privacy Code): they are activated automatically upon access.
- Functionality, analytics and marketing cookies (if introduced) require prior consent, collected through a banner upon entering the Site, according to the "accept all / reject all / customise" paradigm, in full respect of the user's freedom of choice.
- Consent may be withdrawn at any time through the "Manage cookie preferences" link located in the footer of the Site.
4. HOW TO DISABLE COOKIES
In addition to the "Manage cookie preferences" panel, each user may configure their browser to block or delete cookies. Disabling technical cookies may, however, impair the operation of the Site.
Instructions for the main browsers:
- Chrome: https://support.google.com/chrome/answer/95647
- Safari: https://support.apple.com/it-it/guide/safari/sfri11471/mac
- Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
- Edge: https://support.microsoft.com/it-it/microsoft-edge
The user may consult, for each browser, the instructions relating to "private browsing" mode.
5. NON-EU DATA TRANSFERS
Some third-party cookie providers (e.g. Stripe, Google) may transfer data outside the EU, in particular to the United States, with adequate safeguards under the GDPR (Standard Contractual Clauses and, where applicable, the EU-US Data Privacy Framework). See Section 9 of the Privacy Policy.
6. RETENTION
Each cookie is retained for the duration indicated in the tables of Section 2. The data collected through cookies are processed according to the purposes indicated in the Privacy Policy at the corresponding retention periods.
7. RIGHTS OF THE DATA SUBJECT
Please refer to Section 12 of the Privacy Policy. In particular, the user has the right to withdraw cookie consent at any time.
8. CONTACTS
For any information regarding this Cookie Policy, you may write to support@splax.app.
9. UPDATES
This Cookie Policy may be updated following technical or regulatory changes. The updated version will be published within the Sites with an indication of the date of the last update.