Cookie Policy

Last updated: June 1, 2026

What Are Cookies?

Cookies are small text files that a website may store in your browser. DriveMate currently uses only a small number of storage items needed for secure sign-in, prelaunch access control, and language preference. The service currently does not use marketing cookies or traditional profiling trackers.

Necessary Cookies

The current authenticated web flow and prelaunch gate use the following cookies:

access_token:HttpOnly, Secure, SameSite=Strict auth cookie set by the API after login, email verification, or token refresh. Max age up to 7 days.

refresh_token:HttpOnly, Secure, SameSite=Strict refresh cookie used for session renewal through the API. Max age up to 30 days.

prelaunch_access (only when prelaunch mode is enabled):HttpOnly cookie used to remember successful access-code entry to the prelaunch site. SameSite=Lax, path=/, max age 7 days, Secure in production.

Local Browser Storage

The current web app also stores the following non-cookie browser data:

localStorage["locale"]:Stores the selected interface language (`hu` or `en`). It is not used to store login tokens.

Traffic and Technical Performance Measurement

We use Vercel Analytics and Vercel Speed Insights to measure website traffic, stability, and technical performance. The current implementation loads these through Vercel's client libraries and applies route-level sanitization before events are sent. Consistent with the behavior described in the PDF, this observability layer is treated as cookieless: it does not place auth or marketing cookies in your browser and is not used for cross-site profiling.

Third-Party Scripts and Identifiers

If you choose Google sign-in during registration or login, the Google Identity script (`https://accounts.google.com/gsi/client`) is loaded only on that screen. As part of Google's authentication and fraud-prevention flow, Google may read or set its own cookies or identifiers; those are governed by Google's own policies.

Legal Basis and Current Consent State

The auth cookies and the prelaunch-access cookie above are needed for service operation and security. The locale value stores your interface-language preference. The current observability layer follows the PDF's stated cookieless Vercel setup. Because of that, there is currently no separate cookie banner or preference center in the interface. If non-essential cookies or profiling were introduced later, they should be paired with separate consent controls.

Managing Cookies

You can clear cookies and local storage in your browser settings. Removing auth cookies signs you out. Removing the locale value resets your language preference. Browser settings and Google's own controls can also affect third-party Google sign-in cookies or identifiers. Because the current implementation uses necessary cookies plus cookieless measurement only, there is no separate in-app consent manager at this time.

Contact

For questions about cookies, contact us at info@drivemate.hu.