Cookies
Cookies Policy
How PNASTAPP uses cookies and similar technologies under the ePrivacy Directive and the GDPR.
Effective Date: 13 April 2026
Last Updated: 13 April 2026
1. Introduction
This Cookies Policy explains how PNASTAPP ("we", "us", "our") uses cookies, local storage and similar tracking technologies when you visit or use the PNASTAPP social networking platform (the "Service"). It forms part of, and should be read together with, our Privacy Policy and our Terms and Conditions.
PNASTAPP is operated from Georgiou Griva Digeni 30, Latsia, Nicosia, Cyprus. As an EU-established service we comply with Regulation (EU) 2016/679 (the "GDPR"), Directive 2002/58/EC as amended (the "ePrivacy Directive") and the Cyprus Law 125(I)/2018 transposing the GDPR.
2. What Are Cookies?
Cookies are small text files placed on your device (computer, phone, tablet) by the websites you visit. They are widely used to make websites work, to make them work more efficiently, and to provide information to the website owner. Similar technologies include localStorage, sessionStorage and IndexedDB, which also store data in your browser; this policy uses the word "cookies" as shorthand for all of them.
Cookies may be first-party (set by PNASTAPP itself) or third-party (set by another service we embed, such as Google). They may also be session cookies, which disappear when you close your browser, or persistent cookies, which remain for a defined period.
3. Legal Basis for Using Cookies
Under Article 5(3) of the ePrivacy Directive, storing information on your device or accessing information already stored on it is only allowed if you have given your prior informed consent, unless the storage or access is strictly necessary to deliver a service you have explicitly requested.
- Strictly necessary cookies are set on the basis of our legitimate interest in operating a secure, functional platform under Article 6(1)(f) GDPR, and fall within the ePrivacy "strictly necessary" exemption. No consent is required for these.
- Functional, analytics and marketing cookies are only set after you have given freely-given, specific, informed and unambiguous consent under Article 6(1)(a) GDPR and Article 5(3) of the ePrivacy Directive. You may withdraw that consent at any time.
4. Google Consent Mode v2
PNASTAPP implements Google Consent Mode v2. This means that, by default, all consent signals sent to Google services are set to denied:
analytics_storage— deniedad_storage— deniedad_user_data— deniedad_personalization— deniedfunctionality_storage— deniedpersonalization_storage— denied
These signals are only switched to granted after you actively choose to allow the corresponding category in our consent banner. In addition, the Google AdSense loader script is not loaded at all on page start — it is dynamically injected into the page only after you have granted marketing consent. Until then, no request is made to Google's advertising servers.
5. Cookie Categories
5.1 Strictly Necessary
Required for the Service to function: authentication, session continuity, security, load balancing, and remembering the choices you made in the consent banner. These cannot be switched off.
5.2 Functional
Remember choices you make to personalise your experience, such as dark mode and interface language. Set only with your consent.
5.3 Analytics
Help us understand how the Service is used in aggregate so that we can improve it. Set only with your consent, via Google Analytics 4 with IP anonymisation and in Consent Mode v2.
5.4 Marketing
Used to show advertising (via Google AdSense) and to measure the performance of campaigns. The AdSense script itself is only injected after you grant marketing consent, meaning that if you never consent, no connection is made to Google's ad servers at all.
6. Cookies We Use
The following table lists every cookie and similar identifier that PNASTAPP may store on your device, together with the third-party cookies that may be set once you have consented to the corresponding category.
| Name | Provider | Category | Purpose | Duration |
|---|---|---|---|---|
pnastapp_cookie_consent | PNASTAPP | Strictly Necessary | Records whether you have interacted with the consent banner (accepted, declined or customised). | 1 year |
pnastapp_cookie_preferences | PNASTAPP | Strictly Necessary | Stores your category-level consent choices (necessary / functional / analytics / marketing). | 1 year |
pnastapp_dark_mode | PNASTAPP | Functional | Remembers your dark mode / light mode preference. | 1 year |
pnastapp_language | PNASTAPP | Functional | Remembers the interface language you selected. | 1 year |
pnastapp_user_id | PNASTAPP | Strictly Necessary | Stores the current user identifier after login for session continuity. | 7 days |
pnastapp_session_token | PNASTAPP | Strictly Necessary | Backend session cookie. HttpOnly, Secure, SameSite. Used for authenticated requests. | Session |
sb-*-auth-token | Supabase (third-party) | Strictly Necessary | Authentication session token issued by Supabase, required to keep you logged in. | Session / up to 30 days |
_ga | Google LLC | Analytics | Google Analytics 4 — distinguishes unique users. Loaded only if analytics consent is given. | 2 years |
_ga_* | Google LLC | Analytics | Google Analytics 4 — persists session state for a specific property. Loaded only if analytics consent is given. | 2 years |
__gads | Google LLC | Marketing | Google AdSense — used to deliver, measure and report on advertising. Set only if marketing consent is given. | Up to 13 months |
IDE | Google LLC (doubleclick.net) | Marketing | Used by Google DoubleClick to register and report user actions after viewing or clicking an ad. Set only if marketing consent is given. | Up to 13 months |
test_cookie | Google LLC (doubleclick.net) | Marketing | Used to check whether the user's browser supports cookies. Set only if marketing consent is given. | 15 minutes |
Note on pnastapp_user_id and pnastapp_session_token: these are only created after you choose to sign in, and are required to keep you authenticated. They fall within the ePrivacy "strictly necessary" exemption for services explicitly requested by the user.
7. Third-Party Processors and International Transfers
Some cookies are set by third parties whose services we integrate. These third parties act as independent controllers or joint controllers with us for the data collected through their cookies, and they process personal data under their own privacy policies.
- Google LLC (Google Analytics 4, Google AdSense, Google Consent Mode) — 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Data may be transferred to the United States. Transfers are safeguarded by the EU-US Data Privacy Framework (Google LLC is certified) and by the European Commission's Standard Contractual Clauses (2021/914).
- Supabase Inc. — 970 Toa Payoh North, Singapore. Authentication session data may be processed on infrastructure located in the European Union; where transfers outside the EEA occur, they are covered by Standard Contractual Clauses.
8. How to Withdraw or Change Your Consent
You can change or withdraw your consent at any time. Withdrawing consent is as easy as giving it.
- Via the consent banner: click the "Cookie Preferences" link in the footer of any page on PNASTAPP. This reopens the consent banner, where you can accept, reject or fine-tune each category individually.
- Via the Accept All / Reject All buttons: when the banner is open, you can consent to all non-essential categories, reject all non-essential categories, or go into "Manage" to toggle each category independently.
- Effect of withdrawal: withdrawing consent stops any further collection for the affected categories. Cookies already set may remain on your device until they expire or are deleted — you can remove them through your browser at any time.
9. Browser-Level Controls
Most browsers allow you to view, block and delete cookies from their settings screen. You can also configure your browser to refuse all cookies, or to notify you before a cookie is set. Note that blocking strictly necessary cookies will prevent core features of PNASTAPP (such as logging in) from working.
10. Do Not Track and Global Privacy Control
There is currently no common industry or legal standard for recognising or honouring "Do Not Track" (DNT) signals. PNASTAPP therefore does not change its behaviour when it detects a DNT header. However, we do respect Global Privacy Control (GPC) signals where technically feasible, by treating them as an opt-out of analytics and marketing categories for the current browser session. Regardless of DNT or GPC, you remain fully in control via our consent banner.
11. Data Retention
Cookie data is retained for no longer than the durations listed in the table in Section 6. When a cookie expires or is deleted, the data it contained is no longer accessible to us. Aggregated, non-identifying statistics derived from Google Analytics may be kept for longer, as described in our Privacy Policy.
12. Updates to This Policy
We may update this Cookies Policy to reflect changes in the cookies we use, in applicable law, or in our business practices. When we do, we will update the "Last Updated" date at the top of this page. If the changes are material, we will ask you to renew your consent through the banner.
13. Contact
If you have any questions about this Cookies Policy or wish to exercise your rights under the GDPR, please contact us:
- Entity: PNASTAPP
- Address: Georgiou Griva Digeni 30, Latsia, Nicosia, Cyprus
- Email: [email protected]
You also have the right to lodge a complaint with the Cyprus Commissioner for Personal Data Protection (www.dataprotection.gov.cy) or with the supervisory authority of your country of residence.