Cookie Policy
Minimist FlexCo Last updated: April 2026
This Cookie Policy explains how Minimist FlexCo ("we", "us", or "our") uses cookies and similar technologies on our website, web application, and mobile application (collectively, the "Services"). This policy should be read alongside our Privacy Policy.
1. What Are Cookies
Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They allow the website to recognize your device and remember information about your visit, such as your preferences or login status. Cookies may be set by the website you are visiting ("first-party cookies") or by third parties whose services appear on that website ("third-party cookies").
Similar technologies include local storage, session storage, and device identifiers used by mobile SDKs. Where we refer to "cookies" in this policy, we include all such technologies.
2. Cookies We Use
2.1 Strictly Necessary Cookies
These cookies are essential for the operation of our Services. They cannot be disabled without affecting core functionality. No consent is required for these cookies under applicable law.
| Cookie / Technology | Purpose | Duration |
|---|---|---|
| Authentication session (Firebase Auth) | Maintains your signed-in state and authenticates API requests | Session / refresh token lifecycle |
| Authentication session (NextAuth) | Server-side session management for the web storefront | Session |
| CSRF protection token | Prevents cross-site request forgery attacks on form submissions and API calls | Session |
| Locale / language preference | Stores your selected language so content is displayed in the correct language | Persistent (1 year) |
| Security cookies | Rate limiting identifiers, bot detection, and abuse prevention | Session / short-lived |
2.2 Analytics and Performance Cookies
These cookies help us understand how visitors interact with our Services, measure performance, and improve the user experience. They are only set with your consent.
| Cookie / Technology | Purpose | Provider | Duration |
|---|---|---|---|
| Server-Side Google Tag Manager (SGTM) | Self-hosted, first-party analytics collection. Events are processed on our own infrastructure before any data is forwarded to analytics tools, giving us full control over what data leaves our servers. | Minimist (self-hosted) | Persistent (up to 2 years) |
| Firebase Analytics | Measures app usage metrics such as screen views, feature adoption, and user engagement to inform product development | Google (Firebase) | Persistent (up to 14 months) |
| Firebase Performance Monitoring | Collects app performance data including page load times, network request latency, and rendering metrics to identify and resolve performance issues | Google (Firebase) | Session |
2.3 Functional Cookies
These cookies enable enhanced functionality and personalization. They may be set by us or by third-party providers whose services we use. If you do not allow these cookies, some features may not function as intended.
| Cookie / Technology | Purpose | Duration |
|---|---|---|
| User preferences (theme, layout) | Remembers your display preferences such as dark/light theme and grid/list layout | Persistent (1 year) |
| Recently viewed items | Stores a list of recently viewed listings to provide quick access and personalized browsing | Persistent (30 days) |
| Cart / session state | Preserves the contents of your cart and current session state across page navigations | Session / persistent (30 days) |
2.4 Marketing Cookies
These cookies are used to track visitors and measure the effectiveness of marketing campaigns. They are only set with your consent.
| Cookie / Technology | Purpose | Provider | Duration |
|---|---|---|---|
| Branch.io | Deep link attribution and engagement tracking for the mobile app. Measures which marketing channels and campaigns drive app installs and in-app actions. | Branch Metrics, Inc. | Persistent (up to 2 years) |
| HubSpot | CRM tracking for marketing site visitors. Identifies returning visitors, tracks page views on marketing pages, and attributes leads to marketing campaigns. | HubSpot, Inc. | Persistent (up to 13 months) |
3. Third-Party Cookies
The following third parties may set cookies or similar technologies through our Services:
- Google (Firebase) — Authentication, analytics, and performance monitoring. Google's privacy policy: https://policies.google.com/privacy
- Branch Metrics, Inc. — Deep link attribution for mobile app campaigns. Branch privacy policy: https://www.branch.io/policies/privacy-policy/
- HubSpot, Inc. — Marketing CRM and lead tracking on marketing pages. HubSpot privacy policy: https://legal.hubspot.com/privacy-policy
We do not control cookies set by third parties. Please refer to the respective third-party privacy policies for information about their practices.
4. How to Manage Cookies
4.1 Consent Banner
When you first visit our website, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies by category. You can change your preferences at any time by accessing the cookie settings link in the footer of our website.
4.2 Browser Settings
Most web browsers allow you to control cookies through their settings. You can typically:
- View what cookies are stored on your device
- Delete individual cookies or all cookies
- Block cookies from specific sites or all sites
- Block third-party cookies while allowing first-party cookies
- Set preferences for specific types of cookies
Instructions for the most common browsers:
- Google Chrome: Settings > Privacy and Security > Cookies and other site data — https://support.google.com/chrome/answer/95647
- Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data — https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
- Safari: Preferences > Privacy > Manage Website Data — https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
- Microsoft Edge: Settings > Cookies and site permissions > Cookies and site data — https://support.microsoft.com/en-us/microsoft-edge/manage-cookies-in-microsoft-edge-63947406-40ac-c3b8-57b9-2a946a29ae09
4.3 Impact of Disabling Cookies
If you disable strictly necessary cookies, core functionality of our Services may be affected, including the ability to sign in, maintain a session, or complete transactions. We recommend keeping strictly necessary cookies enabled.
Disabling analytics, functional, or marketing cookies will not prevent you from using the Services, but some features (such as personalized recommendations or saved preferences) may not work as expected.
5. Mobile App
Our mobile application uses software development kits (SDKs) from Firebase and Branch.io that may store local identifiers and device-level data. These identifiers serve similar purposes to cookies on the web, including authentication, analytics, performance monitoring, and attribution.
You can manage these through:
- Device settings: Both iOS and Android provide controls for advertising identifiers, analytics data sharing, and app permissions.
- In-app preferences: The app includes a privacy settings screen where you can opt out of non-essential data collection.
- Operating system opt-outs: Use "Limit Ad Tracking" (iOS) or "Opt out of Ads Personalization" (Android) to restrict identifier-based tracking.
6. Changes to This Policy
We may update this Cookie Policy from time to time to reflect changes in our practices, technologies, or legal requirements. Any updates will be posted on this page with a revised "Last updated" date. We encourage you to review this policy periodically.
Where changes are significant, we will provide a more prominent notice, such as a banner on our website or a notification within the app.
7. Contact
If you have questions about our use of cookies or this policy, please contact us at:
Email: [email protected]
Minimist FlexCo (FN632330y) Neustiftgasse 36 1070 Vienna Austria