Cookie Policy
Last updated: March 12, 2026 Version: 1.0
Note: This English version is provided for convenience only. In the event of any discrepancy between the English and German versions, the German version shall prevail.
1. What Are Cookies?
Cookies are small text files that a website stores on your device (computer, tablet, smartphone) when you visit it. They serve to save your settings and inputs so that you do not have to enter them again on every visit, and they allow the website to recognise you.
In addition to cookies, websites also use localStorage -- a similar technology that stores data directly in the browser. Unlike cookies, localStorage data is not automatically sent to the server but is only used locally in the browser.
In this policy, we use the term "cookies" as a collective term for cookies and comparable technologies such as localStorage, unless otherwise stated.
2. What Cookies Do We Use?
2.1 Cookies (HTTP Cookies)
| Name | Provider | Purpose | Category | Duration | Personal Data |
|---|---|---|---|---|---|
sb-*-auth-token |
Supabase (authentication service) | Stores the session token (JWT) for user authentication. Allows you to remain signed in without having to log in again on every page request. | Strictly necessary | Up to 1 year (deleted on sign-out) | Yes -- contains an encrypted user ID and session data |
sb-*-auth-token-code-verifier |
Supabase (authentication service) | PKCE code verifier for the OAuth sign-in flow. Protects the authentication process against interception attacks (per RFC 7636). | Strictly necessary | Duration of the sign-in process (temporary) | No -- cryptographic random value with no personal reference |
__stripe_mid |
Stripe (payment processor) | Merchant identifier for fraud prevention. Set by Stripe to detect and prevent fraudulent payments. | Strictly necessary (payment security) | 1 year | Yes -- pseudonymised device identifier |
__stripe_sid |
Stripe (payment processor) | Session identifier for fraud prevention. Set during the payment process to ensure transaction security. | Strictly necessary (payment security) | 30 minutes | Yes -- pseudonymised session identifier |
Note: The asterisk (
*) in the cookie namesb-*-auth-tokenrepresents a project-specific identifier from Supabase and varies depending on the configuration.
2.2 localStorage (Browser Storage)
| Name | Provider | Purpose | Category | Duration | Personal Data |
|---|---|---|---|---|---|
bivy-cookie-consent |
bivy | Stores your cookie preference (whether and which cookies you have accepted or rejected). Required so that your decision is respected on future visits. | Strictly necessary | Persistent (users are re-prompted for consent after 1 year or when the cookie policy version changes) | No -- contains only the preference setting (e.g. "accepted" / "rejected") |
NEXT_LOCALE |
Next.js (framework) | Stores your preferred language setting (e.g. "de" or "en") so that the website is displayed in the correct language on your next visit. | Functional | Persistent (until manually deleted by you) | No -- contains only a language code |
3. Cookie Categories Explained
3.1 Strictly Necessary Cookies
These cookies are essential for the operation of the website. Without them, basic functions such as signing in, navigating between pages, or securely processing payments cannot be guaranteed.
Legal basis: Strictly necessary cookies may be set without your prior consent, as they are required for the provision of the service you have expressly requested (Art. 45c Swiss Telecommunications Act (TCA); Art. 5(3) ePrivacy Directive 2002/58/EC).
On bivy, this applies to: Authentication cookies (Supabase), payment security cookies (Stripe), and the storage of your cookie preference.
3.2 Functional Cookies
Functional cookies enable the website to provide enhanced functionality and personalised presentation. They are set either by us or by third-party providers whose services we have integrated into our website.
Legal basis: Processing is based on our legitimate interest in a user-friendly presentation of the website (Art. 31(1) Swiss Federal Act on Data Protection (FADP)). You may refuse the storage of functional cookies at any time or delete them via your browser settings.
On bivy, this applies to: The language preference setting (NEXT_LOCALE).
Note: The language preference (
NEXT_LOCALE) directly serves the provision of the service requested by the user and may therefore also be classified as strictly necessary.
3.3 Analytics / Statistics Cookies
Not currently in use. bivy does not currently use any analytics or statistics cookies. Should we implement an analytics tool in the future (e.g. Plausible Analytics, which operates without cookies), we will update this policy accordingly and inform you.
3.4 Marketing / Advertising Cookies
Not currently in use. bivy does not use any marketing or advertising cookies and does not engage in user-based tracking for advertising purposes. No data is transmitted to advertising networks or social media platforms for advertising purposes.
4. Legal Basis
4.1 Swiss Law
The processing of data by means of cookies is governed by the Swiss Federal Act on Data Protection (FADP) and the Telecommunications Act (TCA), in particular Art. 45c TCA. This provision requires us to inform you about the use of cookies and their purpose and to provide you with the option to refuse data processing.
No separate consent is required for strictly necessary cookies. For functional cookies, we rely on our legitimate interest (Art. 31(1) FADP). Should we use analytics or marketing cookies in the future, we will obtain your express consent beforehand.
4.2 EU/EEA Law (for Users in the European Economic Area)
For users in the EEA, the ePrivacy Directive (2002/58/EC) in conjunction with the General Data Protection Regulation (GDPR) additionally applies:
- Strictly necessary cookies are exempt from the consent requirement pursuant to Art. 5(3) of the ePrivacy Directive, as they are essential for the provision of the service expressly requested by the user.
- Functional cookies may be set on the basis of legitimate interest, provided a clear opt-out mechanism is available.
- Analytics and marketing cookies would require express consent pursuant to Art. 7 GDPR. We do not currently use such cookies.
4.3 FDPIC Guidelines
We align our practices with the Guidelines of the Swiss Federal Data Protection and Information Commissioner (FDPIC) on Data Processing Using Cookies and Similar Technologies (Version 1.1, 6 October 2025). These guidelines specify the requirements for transparency, consent, and joint controllership in the use of cookies.
5. Third-Party Cookies
5.1 Supabase (Authentication)
Supabase is our authentication service. The cookies set by Supabase (sb-*-auth-token, sb-*-auth-token-code-verifier) are exclusively required for secure sign-in and session management. Supabase processes this data on our behalf in the EU region Frankfurt (eu-central-1). For more information, please refer to the Supabase Privacy Policy.
5.2 Stripe (Payment Processing)
Stripe is our payment processor. The cookies __stripe_mid and __stripe_sid serve exclusively for fraud prevention and payment security. They are only set when Stripe.js is loaded on the page (e.g. on payment and subscription pages). Stripe processes data as an independent controller.
For fraud prevention purposes, Stripe acts as an independent controller within the meaning of Art. 26 GDPR. There is no joint controllership, as bivy has no influence over Stripe's independent fraud prevention measures.
For more information, please refer to the Stripe Cookie Policy and the Stripe Privacy Policy.
6. How Can You Manage Cookies?
6.1 Via bivy Cookie Settings
When you first visit our website, you will be informed about the cookies in use. You can adjust your settings at any time via the "Cookie Settings" link in the website footer.
6.2 Via Your Browser Settings
You can also manage, restrict, or delete cookies via your browser settings. The procedure depends on the browser you use:
- Chrome: Settings > Privacy and Security > Cookies and other site data
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Settings > Privacy > Manage Website Data
- Edge: Settings > Cookies and site permissions
Additionally, you can delete localStorage data via your browser's developer tools (F12 key > "Application" or "Storage" tab).
6.3 Important Notice
If you block or delete strictly necessary cookies, the functionality of the website may be significantly impaired. In particular, you may be unable to sign in, and payment processes may fail. bivy assumes no liability for functional limitations resulting from the blocking of necessary cookies.
7. Changes to This Cookie Policy
We reserve the right to amend this cookie policy at any time, in particular to adapt it to changed legal requirements, new technologies, or changes to our services. The current version is always available on our website. In the event of material changes, we will inform you in an appropriate manner.
We recommend that you review this cookie policy regularly.
8. Contact
If you have any questions about this cookie policy or about data protection in general, please contact:
bivy Data Protection
Switzerland
Email: datenschutz@bivy.ch
For general enquiries: hello@bivy.ch
This cookie policy forms part of our Privacy Policy and our Legal Notice.