Cookies policy
version 1.0 · effective 2026-05-01
This Cookies Policy explains how AAM Platform (operated by Tadeáš Raška, contact tadeas@raska.eu) uses cookies and similar local-storage technologies. It supplements our Privacy Policy.
1. Legal framework
This Policy is provided pursuant to the requirements of:
- Directive 2002/58/EC on privacy and electronic communications, as amended (the "ePrivacy Directive"), in particular Article 5(3);
- § 89 of Act No. 127/2005 Sb. on Electronic Communications, transposing the ePrivacy Directive into Czech law, which requires informed consent before storing or accessing information on terminal equipment, save for storage that is "strictly necessary" for an information-society service explicitly requested by the user;
- Regulation (EU) 2016/679 (GDPR) where the storage involves personal data;
- European Data Protection Board Guidelines 03/2022 on deceptive design patterns in social-media-platform interfaces and Opinion 5/2019 on the interplay of ePrivacy and GDPR, which we apply by analogy.
2. Categories under EDPB guidance
We classify our use of cookies and local storage in accordance with the EDPB's functional taxonomy:
- Strictly necessary. Required to deliver the service explicitly requested by the user (sign-in, session continuity). No consent is legally required.
- Functional. Improve usability without enabling tracking or measurement (e.g. recording your dismissal of the cookie banner). Treated as not requiring consent under § 89(3) of Act No. 127/2005 Sb. because they are necessary for the service component the user has interacted with; we still display the banner for transparency.
- Performance / measurement / advertising. Would require informed prior consent. We currently do not use any.
3. Inventory
| Identifier | Set by | Purpose | Type | Duration | Category |
|---|---|---|---|---|---|
aam_session | aam-platform-gamma.vercel.app (first-party) | Holds the Firebase session-cookie token after sign-in. Used by the application server to identify the authenticated account on each request. | Cookie (HttpOnly, Secure, SameSite=Lax) | 14 days, rolling on activity | Strictly necessary |
__session | firebaseapp.com (first-party of the Firebase Auth subdomain) | Set by Firebase Authentication during the sign-in handshake. Required to establish the session. | Cookie | Session | Strictly necessary |
aam_cookie_consent | aam-platform-gamma.vercel.app (first-party) | Records that you have acknowledged this Policy so we do not show the banner on every visit. | Cookie + mirrored localStorage entry | 12 months | Functional |
4. What we explicitly do not use
We do not deploy: Google Analytics, Mixpanel, Amplitude, Hotjar, FullStory, Segment, Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, X (Twitter) conversion pixel, or any third-party advertising-, behavioural-, or cross-context analytics tag. We do not engage in cross-site or cross-context tracking. We do not share device identifiers with advertising networks.
Should we introduce any non-essential measurement in the future, we will (a) update this inventory at least thirty (30) days in advance, (b) request prior, granular, opt-in consent through a compliant consent interface, and (c) refrain from setting any such cookie until consent is recorded.
5. The banner
A small banner is shown on first visit. Because every cookie listed in Section 3 is either strictly necessary or strictly functional, your consent is not legally required for any of them. The banner exists to satisfy the transparency requirement of Article 13 GDPR and to record your acknowledgement so it does not reappear. Closing the banner stores the aam_cookie_consentcookie. There is no "reject all" button because there are no non-essential cookies to reject; the language has been simplified accordingly to avoid the deceptive-design patterns identified by the EDPB.
6. Browser controls
You may at any time clear, block, or restrict cookies in your browser. Blocking the strictly-necessary cookies will prevent you from signing in.
- Chrome: chrome://settings/cookies
- Safari: System Settings → Safari → Privacy
- Firefox: about:preferences#privacy
- Brave: brave://settings/cookies
- Mobile (iOS/Android): see your browser's privacy settings
You can also use the Global Privacy Control (GPC) signal; we honour it where applicable, although given that we deploy no advertising or measurement cookies, the practical effect is limited.
7. Lawful basis for the data behind the cookies
Strictly necessary cookies and the localStorage entry process personal data under Article 6(1)(b) GDPR (performance of the contract represented by the Service). The functional consent-acknowledgement cookie processes data under Article 6(1)(f) GDPR (legitimate interest in compliance with our transparency duties), with a privacy impact close to nil.
8. Right to withdraw and to complain
You may withdraw consent (where given), object, or seek erasure at any time by writing to tadeas@raska.eu. You may also lodge a complaint with the Czech supervisory authority (ÚOOÚ, Pplk. Sochora 27, 170 00 Praha 7, posta@uoou.cz).
9. Changes
We will update this Policy if we change which cookies or storage we use. Material changes will trigger a re-display of the banner and an updated changelog below.
Changelog
- 2026-05-01 · v1.0 · expanded with ePrivacy Directive and § 89 Act No. 127/2005 Sb. references, EDPB taxonomy, deceptive-design rationale, GPC support note.
- 2026-05-01 · v0.1 · initial publication.