BioPipeline Legal

Cookie Policy

How cookies and similar browser storage are used on BioPipeline.

Last updated: April 27, 2026

This Cookie Policy explains what cookies, local storage, and similar browser technologies BioPipeline uses, why we use them, and how you can control them.

1. What Are Cookies?

Cookies are small text files stored on your device by your web browser. They help websites remember information about your visit (e.g., login state, preferences) to improve functionality and user experience.

BioPipeline also uses local storage and session storage (HTML5 browser APIs) for similar purposes. These technologies are collectively referred to as "cookies" in this policy.

2. Types of Cookies We Use

2.1 Essential Cookies (Always Active)

These cookies are strictly necessary for the Service to function and cannot be disabled without breaking core features.

Cookie NamePurposeDurationType
sb-access-tokenAuthentication token (Supabase)1 hourHttpOnly, Secure
sb-refresh-tokenSession refresh (keep you logged in)7 daysHttpOnly, Secure
__Secure-next-auth.session-tokenNext.js session managementSession (until browser closes)HttpOnly, Secure, SameSite=Lax

Legal basis: Strictly necessary for contract performance (GDPR Art. 6(1)(b)) — you cannot use authenticated features without these cookies.

2.2 Functional Cookies (Optional)

These cookies remember your preferences to improve usability. They are not strictly required but significantly enhance your experience.

Storage KeyPurposeDurationType
biopipeline_themeDark/light mode preferencePersistent (until cleared)localStorage
activePageLast visited page in appSession (until tab closes)sessionStorage
sidebar_collapsedSidebar expansion statePersistent (until cleared)localStorage

Legal basis: Legitimate interest (GDPR Art. 6(1)(f)) — improving user experience without processing personal data.

2.3 Analytics Cookies (Currently Not Used)

We do not currently use third-party analytics (Google Analytics, Mixpanel, etc.). If we introduce analytics in the future, we will:

  • Update this policy before rollout
  • Request explicit consent (where required by law)
  • Provide an opt-out mechanism
  • Use anonymization/pseudonymization where possible

2.4 Advertising Cookies (Not Used)

We do not use advertising cookies or third-party ad networks. BioPipeline does not display ads or track users for behavioral advertising.

3. Third-Party Cookies

Some features may use third-party services that set their own cookies:

ServicePurposePrivacy Policy
SupabaseAuthentication and databaseSupabase Privacy
VercelHosting and CDNVercel Privacy
Stripe (if subscribed)Payment processingStripe Privacy

We are not responsible for third-party cookies. Review their privacy policies for details on how they use cookies.

4. How to Manage Cookies

4.1 Browser Controls

You can control or delete cookies through your browser settings. Here are instructions for common browsers:

  • Chrome: Settings → Privacy and security → Cookies and other site data → See all cookies
  • Firefox: Settings → Privacy & Security → Cookies and Site Data → Manage Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions → Manage and delete cookies

Warning: Blocking essential cookies will prevent you from logging in and using authenticated features.

4.2 Clear Local Storage (Per-Site)

To clear BioPipeline-specific storage:

  1. Open browser Developer Tools (F12 or right-click → Inspect)
  2. Go to the Application tab (Chrome/Edge) or Storage tab (Firefox)
  3. Expand Local Storage and Session Storage
  4. Select https://www.biopipeline.online and click "Clear All"

4.3 Do Not Track (DNT)

We respect Do Not Track (DNT) browser signals. If DNT is enabled:

  • We will not set analytics or tracking cookies (when/if implemented)
  • Essential cookies remain active (required for login)
  • Functional cookies (theme, UI state) still work (they do not track you across sites)

4.4 Opt-Out of Future Analytics (Proactive)

If we introduce analytics in the future, you will be able to opt out via:

  • In-app cookie consent banner (on first visit)
  • Account settings → Privacy → Analytics preferences
  • Browser extensions (e.g., uBlock Origin, Privacy Badger)

5. Cookie Lifetime and Storage

TypeDurationWhen Deleted
Session cookiesUntil browser closesWhen you close the browser/tab
Persistent cookies1 hour to 7 daysAfter expiration or manual deletion
Local storageIndefinite (until cleared)Manual deletion or browser cache clear

6. Mobile App (Future)

If we release a mobile app, this Cookie Policy will be updated to cover mobile-specific tracking technologies (e.g., device identifiers, push notification tokens). Native apps do not use browser cookies but may use similar mechanisms.

7. Changes to This Policy

We may update this Cookie Policy to reflect service changes or legal requirements. Material changes will be notified via:

  • Email to registered users (at least 30 days before effective date)
  • In-app notification banner
  • Updated "Last updated" date at the top of this page

If we introduce new cookie categories (e.g., analytics), we will request explicit consent where required by law (GDPR, ePrivacy Directive, CCPA).

8. Contact

For questions about cookies or data privacy:

Privacy Team
Email: privacy@biopipeline.online
DPO: dpo@biopipeline.online

9. Legal Compliance

9.1 GDPR (EU Users)

Under GDPR, you have the right to:

  • Know what cookies are used and why
  • Withdraw consent for non-essential cookies
  • Object to processing based on legitimate interests

9.2 ePrivacy Directive (EU)

We comply with the ePrivacy Directive (Cookie Law) by:

  • Only using essential cookies without consent
  • Requesting consent for analytics/marketing cookies (when/if implemented)
  • Providing clear information on cookie purposes

9.3 CCPA (California Users)

Under CCPA, we do not "sell" personal information via cookies. If we introduce advertising cookies, California users will have a "Do Not Sell My Personal Information" link.

9.4 Other Jurisdictions

For users in other regions (UK, Canada, Australia, Brazil, etc.), we apply GDPR-equivalent standards as a baseline, ensuring compliance with local cookie laws.