Last updated: 29 April 2026
This Cookie Policy explains how Slipp ApS ("Slipp", "we") uses cookies, localStorage and similar technologies on our marketing site (slipp.app), our attendee app, and our vendor app (together, the "Services").
It complements our Privacy Policy and is intended to satisfy the duties under ePrivacy Directive 2002/58/EC, the Danish cookie order (Cookiebekendtgørelsen, BEK nr. 1148 af 09/12/2011), and the Danish Data Protection Authority's 2026 guidance.
A cookie is a small text file stored by your browser when you visit a website. We also use other client-side storage mechanisms — primarily browser localStorage — that work in a similar way: they store small pieces of data on your device that we (or our service providers) can read on later visits.
For simplicity, we refer to all of these as "cookies" in this policy. Where the table below lists a "Type", we tell you whether the entry is an HTTP cookie or a localStorage entry.
We classify cookies into the following categories. Strictly necessary entries are always active because the Services cannot work without them. Other categories require your consent and you can change your choice at any time.
Required to authenticate you, keep your cart, secure the apps against abuse, remember your basic preferences (theme, language), and complete an order. No consent is required.
Help us measure how the Services are used so we can improve them. Active only with your consent.
Helps us improve the app by recording how a small sample of sessions navigates it, so we can debug user-experience issues. (This category covers session-replay technology.) Active only with your separate consent.
Slipp does not use marketing cookies. We do not place advertising trackers on the Services.
When you first open the attendee app or the vendor app, a banner appears with two separate toggles — Statistics and "Help us improve the app" — both off by default. The Reject and Accept buttons are presented with equal visual weight; pre-ticked boxes are not used.
Your choice is stored in localStorage on your device as a record like {statistics, sessionReplay, timestamp, policyVersion}. We re-prompt automatically after 12 months or whenever this policy version increments.
You can change your mind at any time. A persistent "Cookie preferences" link in the app footer re-opens the banner. Until you grant consent, statistics and session-replay tools are not loaded and fire no third-party requests.
The marketing site uses cookieless analytics (Plausible Analytics) only. It does not set advertising cookies, does not perform cross-site tracking, and does not require a consent banner under the Danish guidance because no non-essential cookies are placed.
The only first-party storage on the marketing site is a "theme" preference in localStorage to remember your light/dark choice — strictly necessary for the requested feature and not shared with third parties.
The list below groups cookies and browser-storage entries by purpose. Specific identifiers may change as we update the apps; the categories, providers and purposes remain accurate. Third-party identifiers (Cloudflare, Stripe, etc.) are listed by name because they are stable contracts with those providers.
| Name | Provider | Purpose | Category | Duration | Type |
|---|---|---|---|---|---|
| Authentication & session | Slipp | Keeps you signed in to the apps, protects sign-in against cross-site request forgery, and remembers the page to return to after a magic-link or one-time-code login. Includes a session cookie (HttpOnly, Secure, SameSite=Lax) issued by our auth library Better Auth and supporting entries in browser storage. | Strictly necessary | Session cookie up to 24 hours; supporting entries until you clear them | Cookie + browser storage |
| Order convenience | Slipp | Pre-fills your email at checkout and on the vendor login screen, caches your recent orders for offline-friendly display, and (in the vendor app) queues actions while the device is offline so they can sync later. | Strictly necessary | Until you clear them or until synced | Browser storage |
| App preferences | Slipp | Remembers preferences such as light or dark theme and the vendor preparation-view mode you chose, so the apps behave consistently between visits. | Strictly necessary | Until you clear them | Browser storage |
| Cookie consent record | Slipp | Records your choices in the cookie banner so we do not ask again every session. Stored in browser storage as a small object containing your toggle states, a timestamp, and the policy version. | Strictly necessary | 12 months, then we ask again | Browser storage |
| __cf_bm | Cloudflare | Bot management; protects the apps from automated abuse. | Strictly necessary | ~30 minutes | Cookie |
| __stripe_mid | Stripe | Fraud prevention on payment pages. | Strictly necessary | 1 year | Cookie |
| __stripe_sid | Stripe | Fraud prevention on payment pages. | Strictly necessary | ~30 minutes | Cookie |
| No cookies set on the marketing site | Plausible Analytics | Cookieless aggregated traffic analytics. No identifiers stored. | Strictly necessary (cookieless) | n/a | — |
| Statistics in apps (TBD) | TBD analytics provider (apps) | Aggregated usage measurement to improve the apps. | Statistics | Set by provider; loaded only after consent | Cookie / localStorage |
| App-improvement recording (BetterStack) | BetterStack | Records a sample of app sessions (session replay) so we can debug UX issues. Loaded only after consent. | App improvement | Set by provider; not loaded until consent | Cookie / localStorage |
You can change your consent at any time, and you can also clear cookies and storage directly in your browser:
Browser instructions:
Questions about this Cookie Policy or about our consent banner can be sent to privacy@slipp.dk.
You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet) — see our Privacy Policy for details.
We may update this Cookie Policy as we add or remove tooling. The "Last updated" date at the top reflects the latest version. Material changes increment the policy version, which triggers a fresh consent prompt in the apps.