Cookie Policy - Pantryverse App
Version: 1.0.0
Effective Date: June 22, 2025
Last Updated: July 4, 2026
1. What are Cookies?
Cookies are small text files that are stored on your device by websites and web applications. They allow the website to remember your actions and preferences so you don’t have to re-enter them every time you visit or navigate between pages.
Cookie Types
- Session Cookies: Deleted when the browser is closed
- Persistent Cookies: Remain on your device for a specified time
- First-party Cookies: Set by the Pantryverse website
- Third-party Cookies: Set by external services
2. Legal Basis
TDDDG § 25 (Protection of Privacy in Terminal Equipment)
This policy complies with the requirements of the German Telecommunications-Telemedia Data Protection Act (TDDDG), which came into force on December 1, 2021.
GDPR Compliance
All cookie practices comply with the General Data Protection Regulation (GDPR), particularly:
- Art. 6 (Lawfulness of processing)
- Art. 7 (Conditions for consent)
- Art. 21 (Right to object)
3. Cookies and Browser Storage in the Pantryverse Web Application
3.1 Technically Required Cookies (no consent required)
These cookies and browser storage entries are essential for the web application to function:
| Cookie/storage name | Purpose | Storage Duration | Provider |
|---|---|---|---|
__session |
Firebase Authentication Session | Session | Firebase/Google |
__firebase-auth |
User authentication | 1 hour | Firebase/Google |
pantryverse-theme |
Display settings | 365 days | Pantryverse |
pantryverse-offline-queue |
Pending offline grocery list operations | Until synchronized or deleted | Pantryverse |
Legal Basis: TDDDG § 25 Para. 2 No. 2 (technically required)
3.2 Functional Cookies (consent required)
No functional cookies are currently used.
3.3 Analytics Cookies (consent required)
No analytics cookies are currently used.
3.4 Security Cookies (no consent required)
These cookies serve application security:
| Cookie Name | Purpose | Storage Duration | Provider |
|---|---|---|---|
__csrf |
CSRF protection | Session | Pantryverse |
__app-check |
Firebase App Check token | 1 hour | Firebase/Google |
__secure-session |
Secure session management | Session | Pantryverse |
Legal Basis: TDDDG § 25 Para. 2 No. 1 (security)
4. Consent Management
4.1 Cookie Banner
When you first visit the Pantryverse web application, a cookie banner is displayed offering you the following options:
- Accept All: Consent to all cookie categories
- Reject All: Only technically required cookies
- Settings: Granular control over cookie categories
- Learn More: Link to this cookie policy
4.2 Granular Consent
You can decide separately for each cookie category:
- ✅ Technically Required: Always active (non-deselectable)
- ⚙️ Functional: Optional (default: disabled)
- 📊 Analytics: Optional (default: disabled)
- 🛡️ Security: Always active (non-deselectable)
4.3 Managing Consent
Access to Settings:
- Cookie settings in the web app (footer)
- Via profile menu: “Privacy & Cookies”
- Direct link: https://pantryverse.com/cookie-settings
Changing Consent:
- Possible at any time without giving reasons
- Immediate effect upon deactivation
- Automatic deletion of corresponding cookies
5. iOS App - Local Data Storage
5.1 UserDefaults (iOS)
The iOS app does not use traditional cookies but local storage mechanisms:
| Data Type | Purpose | Storage Location | Deletion |
|---|---|---|---|
| App Settings | User preferences | UserDefaults | Upon app uninstallation |
| Authentication | Login status | Keychain | Upon logout or app uninstallation |
| Offline Data | Recipes and lists | Core Data | Upon account deletion |
| Biometric Settings | Face ID/Touch ID preferences | Keychain | Upon deactivation |
5.2 Legal Classification
TDDDG Applicability: TDDDG primarily applies to telemedia (web services). For native mobile apps, the general data protection provisions of GDPR apply.
Transparency: All local storage processes are documented in the privacy policy.
6. Third-Party Services
6.1 Google/Firebase Services
Firebase Authentication:
- Cookies:
__session,__firebase-auth - Purpose: User login and management
- Privacy Policy: https://policies.google.com/privacy
Firebase Hosting:
- Cookies: Technical hosting cookies
- Purpose: Content delivery and performance
- Privacy Policy: https://policies.google.com/privacy
Firebase App Check:
- Cookies:
__app-check - Purpose: App security and abuse protection
- Privacy Policy: https://policies.google.com/privacy
6.2 Google Analytics (optional)
Activation: Only with your explicit consent
GDPR-compliant configuration:
gtag('config', 'GA_MEASUREMENT_ID', {
anonymize_ip: true,
allow_google_signals: false,
allow_ad_personalization_signals: false,
restricted_data_processing: true
});
Opt-out option:
- In cookie settings
- Browser plugin: https://tools.google.com/dlpage/gaoptout
7. Your Rights and Control
7.1 Withdrawing Consent
Methods:
- Cookie settings in the web app
- Browser settings
- Email to privacy@pantryverse.com
Effect:
- Immediate deactivation of new cookies
- Deletion of existing cookies (where technically possible)
- Possible limitation of functionality
7.2 Browser Settings
Cookie Control in Browser:
- Chrome: Settings → Privacy and Security → Cookies
- Safari: Preferences → Privacy → Manage Cookies
- Firefox: Settings → Privacy & Security → Cookies
- Edge: Settings → Cookies and Site Permissions
Do Not Track:
We respect your browser’s “Do Not Track” signal and disable tracking accordingly.
7.3 Automatic Deletion
Deletion Rules:
- Session cookies: When closing the browser
- Analytics cookies: After 14 months (GDPR-compliant)
- Functional cookies: After storage duration expires
- Upon consent withdrawal: Immediate deletion
8. International Data Transfers
8.1 Third-Party Cookies
Google (Firebase, Analytics):
- Transfer to USA
- Safeguards: EU-US Data Privacy Framework
- EU Commission adequacy decision
Additional Safeguards:
- IP anonymization
- Data minimization
- Encrypted transmission
8.2 Pantryverse’s Own Cookies
Storage Location: Exclusively in EU data centers (Firebase Ireland)
Transfer: No transfer to third countries without adequate protection level
9. Cookie Security
9.1 Technical Safeguards
Cookie Attributes:
Secure: Only over HTTPS connectionsHttpOnly: Protection against XSS attacksSameSite: Protection against CSRF attacks
Encryption:
- Sensitive cookie contents are encrypted
- TLS 1.3 for all data transmissions
9.2 Regular Review
Security Audits:
- Monthly review of cookie configuration
- Penetration testing of web application
- Compliance reviews
10. Updates and Changes
10.1 Amendment Procedure
Material Changes:
- 30 days advance notice via email
- Renewed consent request for new cookie categories
- Update of this policy
Minor Changes:
- Notification in the web app
- Version number update
10.2 Version Control
Current Version: Always available at https://pantryverse.com/cookie-policy
Archiving: Previous versions kept for 10 years
Changelog: Detailed change history available
11. Contact and Support
11.1 Cookie-Specific Inquiries
Email: privacy@pantryverse.com
Subject: “Cookie Inquiry - [Your Concern]”
Response Time: Within 48 hours
11.2 Technical Support
Cookie Issues:
- Missing functionality after cookie deactivation
- Problems with cookie settings
- Browser compatibility issues
Support Email: support@pantryverse.com
Availability: Monday to Friday, 9 AM - 5 PM (CET)
11.3 Complaints
Supervisory Authority:
Federal Commissioner for Data Protection and Freedom of Information (BfDI)
Graurheindorfer Str. 153
53117 Bonn
Germany
Online Complaint: https://www.bfdi.bund.de/
Appendix: Cookie Categories in Detail
A1. Technically Required Cookies
Definition: Cookies that are essential for the basic functions of the website.
Examples:
- Authentication and session management
- Security measures (CSRF protection)
- Load balancing and performance
- Basic functionality (shopping cart, form data)
Legal Basis: TDDDG § 25 Para. 2 - No consent required
A2. Functional Cookies
Definition: Cookies that enable enhanced functions and personalization.
Examples:
- Language settings
- Regional preferences
- User interface customizations
- Saved search filters
Legal Basis: TDDDG § 25 Para. 1 - Consent required
A3. Analytics Cookies
Definition: Cookies for analyzing website usage and performance.
Examples:
- Visitor numbers and behavior
- Page views and dwell time
- Traffic sources
- A/B testing
Legal Basis: TDDDG § 25 Para. 1 - Consent required
A4. Marketing Cookies (currently not used)
Definition: Cookies for advertising purposes and remarketing.
Status: The Pantryverse app currently does not use marketing cookies.
Future: If implemented, an updated cookie policy with renewed consent request will be provided.
Last Updated: July 4, 2026
Next Review: July 4, 2027
For questions about this cookie policy, please contact: privacy@pantryverse.com