This Cookie Policy explains how Paxaden uses cookies and similar technologies on our websites and apps. For how we process personal data more broadly, see our Privacy Policy.
Cookies are small text files stored on your device by your browser. They help a website remember information about your visit, like your preferred language or items in a cart. We also use similar technologies (local storage, session storage, pixels) for the same purposes described here.
We group cookies into categories so you can better understand and control them. The exact set of cookies may change as we improve Paxaden. The categories below include typical examples used on Paxaden or by our processors.
The cookie information below is the same as displayed in our on‑site cookie banner.
Required for core functionality such as login, security and language.
| Name | Owner | Purpose | Expiration |
|---|---|---|---|
| sb-jznbnubwdtmgnpowimjl-auth-token* | Paxaden (Supabase) | Session authentication for your account | ~1 month (cleared on logout) |
| pax_kiosk | Paxaden | UI state for kiosk mode | ~1 month |
| locale | Paxaden | Stores chosen language (en/sv) | ~12 months |
| paxaden_sms_trust | Paxaden | Remembers an SMS-verified phone on this device so repeat bookings can skip OTP; strictly necessary for SMS bookings | set per store (default ~30–90 days) |
| system-banner-dismissed:* (localStorage) | Paxaden | Remembers if you closed a system banner so it stays hidden until the banner content changes | until banner changes or you clear storage |
| __stripe_mid* | Stripe | Payment session / anti‑fraud for subscribers | up to 1 year |
| _GRECAPTCHA | Google LLC (reCAPTCHA v3) | Spam/bot protection for contact form interactions | up to ~6 months |
Help us understand usage to improve reliability and UX.
| Name | Owner | Purpose | Expiration |
|---|---|---|---|
| _ga | Google LLC (Analytics) | Distinguishes users | up to 2 years |
| _ga_07L5VW53G6 | Google LLC (Analytics) | Session/state for this GA4 property | up to 2 years |
| _gid | Google LLC (Analytics) | Distinguishes users per day | ~24 hours |
| _gcl_au | Google LLC (Ads/Analytics) | Stores ad click info for attribution | ~90 days |
Used to personalize ads and measure performance.
| Name | Owner | Purpose | Expiration |
|---|---|---|---|
| IDE | Google LLC / DoubleClick (.doubleclick.net) | Ad measurement & fraud prevention | ~13 months |
| ar_debug | Google LLC / DoubleClick | Ad/remarketing debug flag | up to 12 months |
| __Secure-1PAPISID, __Secure-3PAPISID, __Secure-1PSID, __Secure-3PSID, __Secure-1PSIDCC/TS | Google LLC (.google.com) | Secure identifiers that enforce ad preferences, fraud protection and session integrity for Google Ads surfaces | up to ~2 years |
| __Secure-ENID, ADS_VISITOR_ID, AEC | Google LLC (.google.com) | Helps personalize ads, maintain anti-abuse protections and remember ad measurement choices | ~6–13 months |
| _fbp | Meta Platforms (Meta Pixel) | Stores a unique ID to deliver and measure Meta ads | ~90 days |
Account security and preferences for Google & Meta services (e.g., YouTube embeds, Facebook, reCAPTCHA, Google Sign‑In).
| Name | Owner | Purpose | Expiration |
|---|---|---|---|
| SID, HSID, SSID, APISID, SAPISID, PAPISID, NID, SEARCH_SAMESITE | Google LLC (.google.com / .google.se) | Security, anti‑fraud and preferences for Google services | session to ~2 years |
| __Secure-STRP | Google LLC (.google.com) | Protects Google Sign-In flows against replay attacks | session |
| c_user, datr, dpr | Meta Platforms (.facebook.com) | Keeps you signed in to Facebook Login and records device security signals for social widgets | session to ~2 years |
We may use trusted processors (e.g., hosting, analytics, payments) that set or read cookies to deliver their services. We do not sell your data. For details on personal data processing, please see our Privacy Policy.
We may update this Cookie Policy to reflect technical or legal changes. We will indicate the date of the latest revision below.
Last updated: October 2025