StoreFront Cookie Policy

**Last Updated: March 2026** This policy explains how the StoreFront mobile application ("the App"), operated by **Sprout Technology Pty Ltd**, uses cookies, local storage, and similar technologies. --- ## 1. Do We Use Cookies? **StoreFront is a native mobile application, not a website.** We do not use traditional browser cookies. However, like most mobile apps, we use local device storage technologies that serve similar functions. This policy explains what those are and how they work. --- ## 2. What We Store on Your Device‍ ‍### 2.1 Authentication Tokens (Required) | What | Where | Why | |------|-------|-----| | Access token (JWT) | Device encrypted keychain (Expo Secure Store) | Keeps you signed in so you don't need to enter your password every time | | Refresh token | Device encrypted keychain (Expo Secure Store) | Automatically renews your access token when it expires | These tokens are stored in your device's encrypted keychain (iOS Keychain / Android Keystore), the most secure storage available on mobile devices. They are: - Encrypted at the hardware level - Not accessible by other apps - Automatically cleared when you sign out or delete your account - Not transmitted to any third party ### 2.2 In-Memory Caches (Temporary) The App uses temporary in-memory caches to improve performance and reduce data usage. These include cached copies of: - Your swipe feed items - Trending items and brands - Brand profiles and analytics - Your tag preferences - Currency conversion rates - Notification data These caches: - Exist **only in app memory** while the App is running - Are **automatically cleared** when you close or restart the App - Are **never sent** to any external service - Contain only copies of data already stored on our servers ### 2.3 Network Connectivity Check The App periodically checks your internet connectivity by sending a lightweight request to `https://clients3.google.com/generate_204` (a standard connectivity check endpoint). This check: - Sends no personal data - Only determines if you have an internet connection - The result (connected/disconnected) is stored in app memory only - Is used solely to show you an offline indicator in the UI --- ## 3. Third-Party Technologies‍ ‍### 3.1 Supabase Authentication Our authentication provider (Supabase) manages session tokens on your device. This is limited to the authentication tokens described in Section 2.1 above. ### 3.2 Expo Push Notifications If you enable push notifications, the Expo push notification service stores a push token on your device. This token: - Is used solely to deliver push notifications to your device - Is stored on our server alongside your user ID - Is deleted when you sign out, disable notifications, or delete your account ### 3.3 No Analytics or Advertising Trackers We do **not** use: - Google Analytics, Firebase Analytics, or any third-party analytics SDK - Advertising SDKs or tracking pixels - Facebook SDK, Mixpanel, Amplitude, Segment, or similar services - Any technology that tracks you across other apps or websites --- ## 4. Your Choices‍ ‍### 4.1 Managing Stored Data You can manage the data stored on your device by: - **Signing out** -- clears authentication tokens and push notification tokens - **Clearing app data** -- through your device settings (Settings > Apps > StoreFront > Clear Data), removes all locally stored data - **Deleting your account** -- removes all data from our servers and triggers local cleanup - **Disabling notifications** -- through your device settings, prevents push notification token storage ### 4.2 Essential Storage Only All local storage used by the App is essential for its operation (authentication, performance caching, connectivity checking). We do not use any optional or non-essential tracking technologies that would require separate consent under ePrivacy regulations. --- ## 5. Future Web Version If we introduce a web-based version of StoreFront, this policy will be updated to include details about browser cookies, including any analytics or functional cookies, consent mechanisms, and cookie management options. --- ## 6. Changes to This Policy We may update this policy from time to time. Changes will be reflected in the "Last Updated" date above. --- ## 7. Contact Us If you have questions about this policy: **Sprout Technology Pty Ltd** ABN: 74 658 119 450 Email: contact@sprout.enterprises‍ ‍