moopy
← Back to Home

Cookie Policy

Last updated: January 20, 2025

This Cookie Policy explains how Moopy (operated by Seneris B.V.) uses cookies and similar technologies. We are committed to transparency about our data practices and compliance with EU regulations.

What are cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a secure, functional user experience by remembering your authentication state and preferences.

How we use cookies

Essential Cookies (Required)

These cookies are necessary for the authentication service to function properly. They cannot be disabled as they are essential for security and functionality.

  • moopy-session (Production) or moopy-staging-session (Staging)
    • Purpose: Maintains your encrypted login session
    • Technology: iron-session (encrypted cookies)
    • Duration: 7 days
    • Attributes: HttpOnly, Secure, SameSite=Lax
  • moopy-cookie-consent
    • Purpose: Remembers your cookie preferences
    • Duration: 1 year
    • Attributes: Secure, SameSite=Lax

Session Data

Our session cookies temporarily store:

  • User ID (encrypted)
  • Email address (encrypted)
  • Login state (encrypted)
  • WebAuthn challenge (temporary, during authentication only)

All session data is encrypted using iron-session with a secure secret key. Sessions expire after 7 days of inactivity.

Analytics (Privacy-Friendly)

We use Vercel Analytics to understand how visitors interact with our service. This service is designed with privacy in mind:

  • No cookies used - Vercel Analytics does not set cookies
  • Anonymous data - No personal information is collected
  • Data collected: Page views, referrer, country (not city), browser type, device type
  • GDPR compliant - Does not require consent under ePrivacy Directive

Cookies we do NOT use

To protect your privacy, we explicitly do NOT use:

  • Third-party advertising cookies
  • Social media tracking pixels
  • Cross-site tracking cookies
  • Google Analytics or similar invasive analytics
  • Marketing or retargeting cookies

WebAuthn / Passkeys (No Cookies)

When you use Face ID / Touch ID (passkeys) to sign in:

  • Your biometric data never leaves your device
  • We only store the public key component of your credential
  • No additional cookies are used for passkey authentication
  • WebAuthn challenges are temporarily stored in your session cookie during authentication

OAuth Authorization Data

When you authorize third-party applications:

  • Authorization codes and access tokens are NOT stored in cookies
  • Tokens are transmitted securely and stored server-side in the database
  • Your session cookie identifies you during the OAuth flow
  • Third-party applications may set their own cookies (see their policies)

Managing cookies

You can control cookies in your browser settings. However, disabling essential cookies will prevent you from using our authentication service.

Browser Settings

Most web browsers allow you to manage cookies through their settings:

  • Chrome: Settings → Privacy and security → Cookies
  • Firefox: Settings → Privacy & Security → Cookies
  • Safari: Preferences → Privacy → Cookies and website data
  • Edge: Settings → Cookies and site permissions

Warning: Blocking essential cookies will prevent you from signing in to Moopy and using OAuth authentication services.

Third-party services

We use minimal third-party services, prioritizing your privacy:

  • iron-session - Secure session management (essential cookies only)
  • Vercel Analytics - Anonymous usage tracking (no cookies)
  • SimpleWebAuthn - Open-source passkey library (no external requests)
  • PostgreSQL - Database hosting (no cookies on our site)

Your consent

Under EU ePrivacy Directive and GDPR:

  • Essential cookies do not require consent (necessary for service functionality)
  • Vercel Analytics is privacy-friendly and does not require consent
  • We will request consent if we add non-essential cookies in the future

International transfers

Our service is hosted on Vercel's global infrastructure. Cookie data may be processed in:

  • European Union (primary hosting region)
  • United States (Vercel infrastructure)

All data transfers comply with GDPR requirements, including Standard Contractual Clauses (SCCs).

Updates to this policy

We may update this Cookie Policy from time to time. Any changes will be posted on this page with an updated revision date. Material changes will be communicated via email or prominent service notice.

Contact us

If you have questions about our use of cookies, please contact us:

Seneris B.V.
Email: privacy@moopy.nl
Address: Burgemeester Ceulenstraat 8A, 6212 CS Maastricht, The Netherlands
KvK Number: 98215183

This Cookie Policy is part of our commitment to transparency. For more information, see our Privacy Policy, Terms of Service, and Legal Information.