Cookie Policy

About this policy

This Cookie Policy explains what cookies the Market Scanner platform sets, what each one is for, and how you can manage your choices. It should be read together with the Privacy Policy. Cookies are small text files stored on your device that let a website function and remember your choices.

Categories of cookie

• Strictly necessary — required for the platform to work (for example, to keep you signed in and to protect requests). These cannot be opted out of; without them the platform cannot be provided.
• Preference / functional — remember choices you make to improve your experience. These are not strictly necessary, and you can decline them.
• Analytics — Google Analytics 4 cookies used to measure aggregate traffic and conversion. These are NOT set unless you click "Accept" on the cookie consent banner. We do not run advertising tags and IP addresses are anonymized before they reach Google.

The platform does not use advertising or cross-site tracking cookies.

Cookies we set

Cookie	Category	Purpose
authjs.session-token	Strictly necessary	Session cookie issued by NextAuth at sign-in; keeps you authenticated.
authjs.csrf-token	Strictly necessary	CSRF protection for the authentication flow.
theme	Preference	Remembers your light/dark theme choice. Set on theme toggle; not strictly necessary but harmless.
ms-cookie-consent	Preference	Records your cookie-consent choice (accept-all / reject-all). Set when you interact with the consent banner.
_ga	Analytics	Google Analytics 4 client identifier. Set only after you accept on the consent banner. Used to distinguish unique browsers for aggregate measurement.
_ga_<container>	Analytics	Google Analytics 4 session state, one per GA4 property. Set only after consent.

Analytics and tracking

The platform uses Google Analytics 4 (GA4) to measure aggregate traffic, conversion, and feature usage. GA4 is loaded under the strict consent contract below:

• Nothing analytics-related runs until you click "Accept" on the cookie consent banner. The GA4 script tag is not added to the page before consent — not "loaded then suppressed", not "queued behind a flag" — physically absent from the DOM. (Implemented via Google's Consent Mode v2 analytics_storage=denied default and a runtime switch that gates the script tag on the recorded consent choice.)
• We track pageviews and a small set of product events (sign-up, scan creation, schedule lifecycle, plan upgrade, API-key management). Event parameters are PII-free — no email, no internal user IDs, no report IDs. URLs containing IDs (e.g. /reports/<id>) are normalized to /reports/:id before being reported to Google.
• IP addresses are anonymized at the GA4 boundary (anonymize_ip: true).
• Rejecting consent (or clearing your browser cookies for this domain) revokes the analytics state immediately — the GA4 consent-update signal is sent and no further events are reported.
• The platform does not run Google Ads tags, GTM, or any third-party marketing cookies.

Managing your choices

When you first visit the platform you are shown a consent banner where you can accept or reject non-strictly-necessary cookies. You can revisit that choice at any time by re-opening the consent banner from the footer link.

You may also revoke consent by clearing your browser cookies for this domain, or block cookies through your browser settings. Revoking will not delete your account; only the non-strictly-necessary cookies will stop being set. Blocking strictly-necessary cookies will prevent the platform from functioning correctly.

Changes and contact

We may update this Cookie Policy as the platform evolves. Material changes will be published and, where they affect documents covered by the consent gate, you will be asked to re-accept. For questions about cookies, contact the platform operator using the details published on the platform.