Cookie Policy
Last updated: April 24, 2026
SurveyingPedia uses cookies and similar technologies to operate the site, secure your session, remember your language preference, and — only with your consent — to measure aggregate traffic via Google Analytics.
You can change your choice at any time using the button (also available in the footer).
Strictly necessary
Required for basic site functionality. Without these, authentication, language switching and security cannot work. No consent needed (exempt under ePrivacy Directive).
| Name | Purpose | Duration | Provider |
|---|---|---|---|
authjs.session-token | User authentication (session cookie) | Session or 30 days if "Remember me" | Self (NextAuth.js) |
__Secure-authjs.session-token | Authentication on HTTPS (secure flag) | Session / 30 days | Self |
authjs.csrf-token | CSRF attack protection on login / signup | Session | Self |
authjs.callback-url | Redirect URL after sign-in | Session | Self |
NEXT_LOCALE | Remembers your chosen language | 1 year | Self |
sp_consent | Stores your cookie preferences | 1 year | Self |
sp_impersonate | Super-admin impersonation (only for admins) | Session | Self |
cf_clearance | Cloudflare Turnstile anti-bot check on signup | 30 min | Cloudflare |
Analytics (opt-in)
Help us understand which pages and tools are used most. Loaded only after you accept. IP addresses anonymized. Consent Mode v2.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
_ga | Google Analytics unique visitor ID (anonymized) | 2 years | Google Analytics 4 |
_ga_G-2Y848WNYGV | Google Analytics session state | 2 years | Google Analytics 4 |
Marketing (not currently used)
Reserved category for future use. SurveyingPedia does NOT currently serve advertising cookies or engage in retargeting. If this changes, we will notify users and require fresh consent.
First-party analytics (no cookies, no consent required)
We count anonymous aggregate visits using a first-party pixel that does NOT use cookies or localStorage. A daily-rotating hash (SHA-256 of IP + User-Agent + UTC date, truncated to 24 chars) is stored server-side to deduplicate visitors within a single day. The hash changes every midnight UTC, making cross-day tracking technically impossible. This is exempt from consent under CNIL guidelines on aggregated, anonymous analytics.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
(no cookie — server-side only) | Visitor hash: sha256(IP+UA+UTC date)[0:24]. Cannot be linked across days. | Per request; stored 90 days in aggregate form | Self-hosted (/api/pv endpoint) |
Local storage (not cookies)
The browser's localStorage — not sent to servers, stays on your device. Used for UX preferences only.
| Name | Purpose | Duration | Provider |
|---|---|---|---|
sp-chat-closed | Remembers if you closed the chat widget | Session | Self |
sp-chat-bg | Your chat background preference | Indefinite | Self |
sp-recent-* | Recent files opened in software tools (name + size only, no content) | Indefinite | Self |
sp_lead_dismiss | Hides the welcome popup after dismissal | 30 minutes | Self |
Your rights
- Accept, reject or customize cookie categories anytime
- Your choice persists for 1 year, after which we ask again
- You can delete the
sp_consentcookie at any time to reset and reconfigure - Your browser privacy settings (Do Not Track, 3rd-party cookies blocking) are respected
- Contact us at contact@surveyingpedia.com for any question