Cookie Policy

1. What we mean by cookies and similar technologies

Cookies are small text files placed on your device when a website sets them through your browser. Similar technologies include browser local storage and session storage, IndexedDB databases, cache storage used by progressive web features, and certain pixels or tags that store or read identifiers. Throughout this Policy, "cookies" includes those comparable mechanisms where the legal analysis is the same.

2. What we checked (codebase audit)

As of the last updated date above, we inspected the MotoLean X website source repository for first-party cookie usage (for example document.cookie, analytics SDKs, advertising pixels, and consent-management platforms). The application does not contain code that sets first-party HTTP cookies for analytics, advertising, or broad audience measurement. We do not load Google Analytics, Firebase Analytics, Meta Pixel, or comparable marketing trackers in this web application.

The Site is built with Next.js and exported as static files. That deployment model does not use our own server-side session cookies for normal page views; hosting providers may still process HTTP requests according to their own privacy notices (for example access logs).

3. First-party cookies on motoleanx domains

We do not currently operate a named inventory of first-party HTTP cookies for the MotoLean X Site because, in the audited build, the Site does not intentionally set such cookies for tracking or preferences. If we introduce first-party cookies (for example a remembered UI theme, A/B test assignment, or analytics), we will list them here with name, purpose, duration, and legal basis, and we will add consent or control mechanisms where the law requires them.

4. Similar technologies: Firebase Authentication (session persistence)

When you create an account or sign in, we use Firebase Authentication (Google) on the client. In typical browser configurations, Firebase persists your session using IndexedDB and/or related browser storage APIs rather than a long-lived first-party HTTP cookie managed directly by our code. That storage holds authentication artefacts (such as tokens and refresh data) so you stay signed in across visits and page reloads.

This processing is strictly necessary to provide the sign-in and account functionality you request. Under common interpretations of the EU ePrivacy Directive as implemented in member states, storage that is strictly necessary to deliver a service explicitly requested by the user often does not require consent, although transparency remains required. Your rights and the roles of controller and processor are explained in the Privacy Policy.

If you block or clear site data for our origin, sign-in state may be lost or OAuth flows may fail; see your browser's help documentation for per-site controls.

5. Third-party cookies and domains (Google Sign-In)

When you choose Sign in with Google, your browser communicates with Google-controlled domains (for example accounts.google.com and related endpoints). Google may set or read its own cookiesas part of authentication, fraud prevention, and account security. We do not control those cookies. Their use is governed by Google's policies and your Google account settings.

6. Map tiles (OpenStreetMap)

The rider dashboard may request map raster tiles from OpenStreetMap tile servers (for example tile.openstreetmap.org). Those requests are standard image fetches. They are not used by us to run behavioural advertising on the Site. Third-party operators may process technical data (such as IP address) under their own policies.

7. Fonts and static assets

We use Next.js font optimisation so that webfont files used for the Site are served from the same deployment as the pages, rather than loading a runtime stylesheet from a font vendor on each view. That reduces third-party calls compared with legacy font embedding patterns.

8. Consent banners and your choices

Because the audited Site does not deploy non-essential first-party cookies or marketing trackers, we do not currently show a cookie consent banner. If we add optional analytics or advertising technologies that require consent in your jurisdiction, we will implement an appropriate consent mechanism and update this Policy before or at the time of activation.

You can still configure your browser to block third-party cookies, delete stored data periodically, or use privacy-focused browsers and extensions. Note that aggressive blocking may break Google Sign-In or Firebase session persistence.

9. Contact

Questions about this Cookie Policy: max@byte-bandits.com. Company and legal details: Impressum.