2. Cookies Used and Categories
Strictly Necessary Cookies
These cookies are essential for the operation of the service. Without them, login, session management, and security features would not work. Prior consent is not required for these.
| Name / Type | Source | Purpose | Retention |
|---|---|---|---|
| Firebase Authentication session token | Google Firebase | Maintaining login state on the dashboard and admin interface | Session, max. 1 hour (ID token) / 30 days (refresh token) |
| CSRF token / session identifier | Bokko | Security protection (preventing cross-site request forgery) | Session duration |
bokko_consent |
Bokko | Storing the user's analytical cookie consent. This cookie is set by the consent banner. | 1 year |
_GRECAPTCHA |
Google (reCAPTCHA Enterprise) | Bot and abuse protection on the public booking and registration surfaces. A security cookie processed without consent under Bokko's legitimate interest. Details in the Privacy Policy section 4a. | Period set by Google (observable in the browser's Application → Cookies view) |
Functional Cookies
These store user preferences (e.g., language, theme). The site remains functional without them, but settings will not be preserved.
| Name / Type | Source | Purpose | Retention |
|---|---|---|---|
| User interface preferences (localStorage) | Bokko | Storing language, theme, and other interface preferences | Until deleted |
| Booking form pre-fill data (localStorage) | Bokko | Returning previously entered name and optional email on the same booking page for faster re-booking | 30 days |
Admin two-factor login session (bokko_admin_totp_session, sessionStorage) |
Bokko | After successful two-factor authentication (TOTP), stores the validity of the session so confirmation is not required on every page load. Stored data: user identifier and authentication timestamp — no other personal data is included. | 8 hours (sessionStorage: automatically deleted when the browser tab is closed) |
bokko.mapConsent (localStorage) |
Bokko | Stores the guest's explicit click-through consent for the „Show map" button on the public booking page. If present, the Google Maps Embed will auto-load on all further booking.bokko.app pages on the same browser. Details: Privacy Policy section 4a. |
Until withdrawn (the guest may withdraw it from the booking-specific Privacy page) |
| FCM push notification permission state (browser permission + FCM registration token) | Bokko (token) / Google FCM (delivery) | If the user has accepted the dashboard or booking app's push notification prompt, the browser stores the permission state natively; Bokko stores the Firebase Cloud Messaging registration token (pseudonymous device identifier) server-side for targeted push delivery. The token contains no guest PII. Details: Privacy Policy section 4. | Until the user withdraws the permission or Bokko invalidates the token (device change, sign-out) |
Analytical Cookies — Consent-based
On Bokko's hosted platform pages (dashboard, booking page), we use Google Firebase Analytics to improve user experience. The following measurement cookies may be set in your browser:
| Cookie name | Source | Purpose | Retention |
|---|---|---|---|
_ga |
Google (Firebase Analytics) | Unique visitor identifier for statistical measurement | 2 years |
_ga_<container-id> |
Google (Firebase Analytics) | Google Analytics 4 session state and campaign data retention | 2 years |
_gid |
Google (Firebase Analytics) | Session differentiation for the same visitor (legacy GA mechanism) | 24 hours |
The <container-id> value depends on the Firebase project configuration
(in Bokko's case, the measurement identifier of the bokko-5bb2d project).
Google may modify its cookie structure in the future; Bokko follows the current Firebase
Analytics implementation.
These cookies are only set with your prior consent. Analytical data collection is not activated without consent.
Marketing / Remarketing Cookies
Bokko does not use remarketing or targeted advertising cookies on any of its pages.
3. Platform Pages (dashboard, booking) and Static Informational Pages
On Bokko websites where non-essential (e.g., analytical) cookies or tracking tools operate, a consent banner appears upon the first visit. This currently affects platform pages (dashboard.bokko.app, booking pages).
Among the static informational pages, the getbokko.com landing pages run consent-based Cloudflare Web Analytics — a cookie-less, aggregated measurement that Bokko does not use for individual user profiling. The measurement script loads only upon analytics consent. There is currently no analytics tracking on the help.bokko.io, docs.bokko.io, or status.bokko.io pages. The storage used on these pages (session data, appearance and language preferences) is under separate assessment as "strictly necessary" or under another applicable ePrivacy exception; this policy contains the details.
Settings can be modified at any time via the "Cookie settings" link on the affected websites (see section 5).
4. Third-party Cookies and Embedded Content
Bokko may use different external payment interfaces for payment functions, including in particular the checkout or payment pages provided by Stripe, Barion, or SimplePay. When the user is taken to such an external payment interface, the respective provider may place its own cookies or similar technologies in the browser; these are subject to that provider's own privacy and cookie policies.
Bokko pages do not contain embedded social media widgets (e.g., Facebook Like, Twitter/X widget) that would place third-party cookies on the page at the moment of visit.
5. Managing Cookie Settings
Granting and withdrawing consent: A consent banner for analytical cookies appears upon the first visit to Bokko platform pages (dashboard, booking page). The decision can be withdrawn or modified at any time by clicking the "Cookie settings" link:
- Dashboard: via the opt-out function made available through the dashboard
- Booking page: at the bottom of the page → "Cookie settings" link
- Static informational pages (if the banner is active): at the bottom of the page → "Cookie settings" link
After modifying the decision, analytical data collection stops or activates immediately. Effect of withdrawal: analytical data collection stops, and previously stored analytical data is deleted.
Disabling strictly necessary cookies impairs or terminates the operability of the service. These can be managed through your browser settings.
Browser-level management:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
6. Changes
If a significant change occurs in cookie usage — particularly the introduction of analytical or marketing cookies — this policy will be updated in advance, and an appropriate consent mechanism will be applied on the affected pages.
7. Contact
Questions regarding cookie management should be directed to [email protected].
8. Do Not Track (DNT)
Bokko respects the browser's Do Not Track (DNT) signal. If your browser's DNT setting is active, analytical cookies will not be set, regardless of analytical consent. Technically necessary cookies (Firebase Auth, CSRF) are not affected by this.