Skip to content
Flamenco

Legal

Cookie policy

Effective 31 May 2026. Explains every cookie this site can set, why each one is strictly necessary, and why no consent banner appears. This policy complements our privacy policy.

1. The short version

Browsing the public site sets no cookies at all. We use only a small number of strictly necessary cookies, and only once you sign in to the admin dashboard or open a subscriber self-serve link. We run no advertising, marketing, or cross-site tracking cookies of any kind. Because every cookie we use is strictly necessary to a function you have asked for, no consent is required and no cookie banner is shown.

2. What a cookie is

A cookie is a small text file a website asks your browser to store. Cookies that are essential to deliver a service you have requested — keeping you signed in, for example — are exempt from consent under Article 5(3) of the ePrivacy Directive (2002/58/EC) as implemented in the Netherlands by Article 11.7a of the Telecommunicatiewet. Cookies used for analytics, advertising, or profiling are not exempt and require consent. We use only the former kind.

3. Cookies we use

The complete list of cookies this site can set, all of them first-party and all of them strictly necessary:

Supabase authentication session (sb-*)

Set only when an administrator signs in to the private dashboard at /admin. It keeps that session signed in across page loads. It is never set for ordinary visitors. Set by our authentication provider, Supabase (EU region). Duration: the length of the admin session, cleared on sign-out.

Subscriber self-serve session (flamenco_subscriber_session)

Set only after a subscriber opens and verifies an email magic link to manage their subscription. It is a signed, http-only cookie that lets the page survive a browser reload without re-exposing the link token in the URL. It carries no personal data beyond an internal subscriber reference. Duration: 15 minutes, then it expires automatically.

That is the entire list. Both cookies are strictly necessary: blocking them does not affect browsing, but it would prevent administrators and subscribers from signing in.

4. Analytics, without cookies

We measure aggregate site traffic with Vercel Analytics, which is cookieless by design. It records anonymous, aggregate page-view counts and basic performance metrics; it sets no cookie, assigns no persistent identifier, and does not track individuals across sessions or sites. Because it stores nothing on your device and identifies no one, it requires no consent.

5. Security and abuse prevention

To protect sign-in and signup forms from automated abuse we use Vercel BotID and short-lived, server-side rate-limit counters (Upstash). These operate to keep the service secure and do not place advertising or tracking cookies on your device. Where any such mechanism relies on a strictly necessary technical cookie, it falls under the same security exemption above.

6. Payment pages

Payments are handled on Mollie's own hosted checkout (iDEAL and SEPA Direct Debit). Any cookies needed to complete a payment are set by Mollie on Mollie's domain during checkout, governed by Mollie's cookie statement. We do not load Mollie scripts on this site outside the checkout redirect.

7. Managing cookies

Every browser lets you view, block, or delete cookies through its settings. Because the only cookies we set are strictly necessary, blocking them will not affect browsing the public site, but it will prevent the admin dashboard and subscriber self-serve area from keeping you signed in. We do not show a consent banner because there are no optional cookies to consent to.

8. Changes to this policy

If we ever introduce a cookie that is not strictly necessary, we will update this policy and present a consent banner before that cookie is set. The latest version always lives at this URL with a fresh effective date at the top. For anything else about how we handle your data, see our privacy policy.