1. Categories we use
Strictly necessary (no consent required)
- Auth session — keeps you signed in (Supabase session in
localStorage). - Security tokens — CSRF / anti-abuse.
- Cookie consent flag — remembers your choice on this banner.
Functional (consent in EU/UK)
- UI preferences — theme, last-used currency, onboarding state.
- Offline queue — IndexedDB cache for trip logging while you're offline.
Analytics (consent in EU/UK)
- Aggregate, server-side analytics — pageviews and crash reports without third-party cookies. We do not use Google Analytics or similar cross-site trackers.
2. Controlling cookies
- EU/UK visitors see a consent banner on first visit. You can change your choice anytime by clicking Cookie preferences in the footer.
- Outside the EU/UK we default to functional + analytics on, in line with the lower bar set by Thailand PDPA and most APAC laws.
- You can also block cookies via your browser settings — the Service may become less useful (e.g. you'll have to sign in again).
3. Do Not Track
We honor the Global Privacy Control (GPC) signal where your browser sends one — treating it as a refusal of non-essential storage.
4. Updates
We update this page whenever the cookie inventory changes. See our Privacy Policy for the full data-handling picture.