This Cookies Policy explains how Pointbasin™ ("Pointbasin", "we", "us", or "our") uses cookies and similar technologies on pointbasin.com and our mobile applications (collectively, the "Services"). It should be read together with our Privacy Policy. This Policy is designed to comply with the EU ePrivacy Directive (2002/58/EC) as implemented in each Member State, the GDPR, the UK Privacy and Electronic Communications Regulations ("PECR"), and equivalent laws in other jurisdictions, including the CCPA/CPRA.
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. Similar technologies include web beacons, pixels, software development kits (SDKs), local storage, and session storage. We refer to all of these collectively as "cookies" in this Policy.
Cookies can be session (deleted when you close your browser) or persistent(remain for a defined period). They can be set by us (first-party) or by third parties whose services we use (third-party).
2. Categories of Cookies We Use
2.1 Strictly necessary
Required for the Services to function, including authentication, session management, load balancing, fraud prevention, and security. These cookies do not require consent under EU law.
- sb-access-token, sb-refresh-token: authenticate your session (first-party, session).
- pointbasin_csrf: protects against cross-site request forgery (first-party, session).
2.2 Functional
Remember your preferences (language, currency, region, role) to personalise your experience. Set only with consent where required by law.
- pb_locale, pb_currency, pb_theme: persistent, up to twelve months.
2.3 Analytics and performance
Help us understand how users interact with the Services so we can improve them. Where required, we set these only after you consent, and we configure them to use pseudonymous identifiers and aggregated reports.
- pb_analytics_id: first-party, persistent, up to thirteen months.
- Third-party analytics processors are bound by GDPR Art. 28 contracts and EU Standard Contractual Clauses where applicable.
2.4 Marketing
Used to measure the effectiveness of our campaigns. We do not use cookies for cross-context behavioural advertising. Where set, marketing cookies are activated only after you opt in.
3. Legal Basis
We rely on your consent under Article 5(3) of the ePrivacy Directive and Article 6(1)(a) GDPR for all non-essential cookies. Strictly necessary cookies are set on the basis of our legitimate interest in operating the Services securely (Art. 6(1)(f) GDPR) and the ePrivacy exemption for technically necessary storage.
4. Your Choices
- Consent banner: when you first visit the Services from the EEA, UK, Switzerland, or another consent-required jurisdiction, you can accept, reject, or customise non-essential cookies. You can revisit these choices at any time via the "Cookie preferences" link in the footer.
- Browser controls: most browsers let you block or delete cookies. Note that blocking strictly necessary cookies may break parts of the Services.
- Do Not Track / Global Privacy Control (GPC): we honour valid GPC signals for users in jurisdictions where it is legally recognised.
- Mobile identifiers: you can reset or limit ad tracking through your device settings.
5. Third-Party Cookies
Some pages embed content or features from third parties (e.g., payment processors, identity providers, agent platforms). Those providers may set their own cookies, governed by their own policies. We share data with these providers only as described in our Privacy Policy.
6. Data Transfers
Where cookie data is transferred outside the EEA, UK, or Switzerland, we use appropriate safeguards, including Standard Contractual Clauses, the UK International Data Transfer Addendum, and supplementary technical measures.
7. Retention
Cookie lifetimes are listed alongside each category above. We periodically review cookie usage to remove cookies that are no longer necessary.
8. Changes
We may update this Policy from time to time. The "Last updated" date at the top reflects the latest revision. Material changes will be communicated through the Services or by email where appropriate.
9. Contact
For cookie-related questions, contact privacy@pointbasin.com.