Cookie Policy
This Cookie Policy explains how Beautrinsing uses cookies, local storage, and related technologies when you browse beautrinsing.world, how Swedish and EU privacy rules apply, and how you can review or change your choices. Read this document together with our Privacy Policy for a fuller picture of how we handle personal data.
Introduction
Welcome to the Cookie Policy of Beautrinsing. We operate beautrinsing.world to publish general informational content about affordable nutrition consultations, meal-planning habits, budgeting for groceries in Sweden, and related educational narratives. Loading our pages often causes browsers to store identifiers that help routing, resilience, measurements, optional advertising delivery, preference memory, lawful consent artefacts, transactional integrity shields, multilingual hints, degraded-mode toggles without collecting clinical metrics from your device without separate lawful grounds documented elsewhere.
We drafted this lengthy statement deliberately: short cookie blurbs seldom survive scrutiny from auditors, supervisory authorities, or advertising partners evaluating brand safety and transparency norms compatible with reputable networks.
Nothing here promises medical diagnoses, cures, calorie prescriptions tied to pathology, forbidden health claims tied to adverts, sensational weight narratives, discriminatory exclusions, deceptive dark-pattern consent, under-age profiling, biometric inference from pantry photography you never uploaded here, covert cross-site dossiers undisclosed in inventories, indefinite silent reactivation of tags you refused, coercion bundling counselling fees with telemetry, or repurposing hydration reminders into gambling funnels—all irrelevant exaggerations enumerated only to emphasise restrained, educational tone suitable alongside Google Ads style expectations for honest representations.
This Cookie Policy supplements our Privacy Policy. When stored identifiers relate to identifiable individuals, both documents and the GDPR apply in a coordinated manner.
Controller: Beautrinsing, postal address Stjärntorget 2, 169 79 Solna, Sweden. Contact channels appear in the final section. service@beautrinsing.world remains our designated email route for substantive questions aligned with privacy and cookies.
What cookies and similar technologies are
A cookie is a compact text payload that a server or script causes your user agent to retain and later replay on qualifying requests or script reads. Typical attributes cover name, value, Domain and Path scopes, Secure and SameSite transport rules, expiry or Max-Age lifetimes, HttpOnly cloaking from JavaScript when security demands, partitioned third-party contexts when browsers enforce additional walls, priority hints, and CHIP partitions for embedded experiences.
Beyond literal cookies, comparable technologies include Local Storage dictionaries, Session Storage ephemeral maps, IndexedDB structured stores, Service Worker caches (not always personal data), TLS session resumption tickets when providers log them associably, Advertising ID bridging on environments outside classic browsers (not central to this site), server-side stitched session tokens in first-party isolation, ephemeral broadcast channel messages for UI synchronisation tabs, WASM-backed client caches for typographic subsets, beacon POST bodies with query parameters mirroring legacy pixels, Signed Exchange packages caching static articles, prefetch speculation tags that nonetheless respect consent gating wrappers, compressed binary consent bitfields in compact JSON strings, cryptographic nonces rotated per navigation to deter replay spam, and hashed route seeds for A/B skeleton rendering without exposing raw seeds back to arbitrary third-parties absent contracts.
Session cookies commonly vanish when the browser fully exits; persistent cookies remain until expiry or manual purge. Storage APIs may persist until you clear site data.
Clearing cookies without clearing Local Storage may leave consent JSON behind. Combine techniques described under browser controls.
First-party identifiers primarily serve beautrinsing.ddd. Third-party identifiers involve external domains for analytics or advertising when you opt in.
Legal framework: GDPR, ePrivacy, and Swedish law
The GDPR applies whenever cookies or storage values can identify a person directly or indirectly, alone or combined with other data we control or instruct processors to combine. Typical analytics IDs often qualify as personal data; aggregated counts may not.
Article 6 lawful bases potentially relevant include consent for many non-essential storage events, legitimate interests only where strictly aligned with expectations and balanced against rights (often secondary to explicit ePrivacy consent requirements for typical marketing tags), contractual necessity for booking flows, and legal obligations for fraud logging or authority demands.
The ePrivacy Directive layer, transposed and updated in Swedish electronic communications law, demands prior informed consent before storing or accessing information on terminal equipment except narrow strictly necessary carve-outs tied to services requested by the user.
IMY guidance stresses clarity, equal prominence for accept and reject, easy withdrawal, no pre-ticked marketing boxes, and documentation of consent records.
We monitor regulatory updates. Material instrument changes trigger policy revisions and, when required, renewed consent campaigns.
Consultation notes you email or submit remain governed primarily by contract and privacy documentation, not by marketing cookie defaults, unless you separately agree to bridging.
Strictly necessary cookies
Strictly necessary technologies let you navigate, load balanced assets, maintain secure sessions for forms, remember that you already answered a consent prompt so we do not loop annoyingly, defend against forgery, stabilise rate limits under abuse, route you to the correct language file when only one variant should auto-attach, respect emergency read-only modes, carry forward accessibility contrast selections that have no surveillance angle, support payment processor handshakes referencing external iframes, verify asynchronous integrity for script bundles mirrors, degrade gracefully under partial CDN outages, propagate server clock skew corrections harmless to privacy, authenticate internal staff preview gateways not available to public users, store ephemeral failure tokens explaining a declined card without embedding PAN data, honour privacy choice strings necessary to block optional tags, bounce load tests away from production user partitions, isolate bot challenge cookies with minimal TTL, pin content security policy violation reporting sampling identifiers that do not correlate to advertising identities, ferry optimistic UI transaction IDs worthless cross-site, and maintain sticky sessions only while you fill multi-step questionnaires without warehousing answers inside the cookie payload itself beyond integrity tokens.
These identifiers are exempt from consent toggles because disabling them jeopardises basic service reliability and security proportional to informational nutrition consultation booking flows.
We audit necessity claims periodically so an analytics vendor never hides inside exempt lists.
Analytics cookies
Analytics identifiers, once consented on pages that load our banner, illuminate aggregated visitation to Smart Nutrition narratives, Savings comparison tables, contact intent funnels, device mix, coarse region heat around Stockholm commuter belts, referrer quality from responsible publishers, scroll depth through policy footers, error rates on script bundles, performance timing for Largest Contentful Paint on hero photography, exit pages before booking clicks, repeat visits within a privacy-conscious window, split test exposure groups for heading clarity, sanitised campaign query parameters you voluntarily arrived with, broken link discovery, asset 404 tracking, cached versus network hit ratios, accessibility focus ring usage metrics without recording personal names, PDF informational brochure opens if such assets exist, telephone link tap counts never tied to listen-in, email client link scheme attempts, dark mode versus light mode prevalences, holiday traffic seasonality for meal planning interest, newsletter signup completion if that module exists, offline PWA cache hits if ever launched, Web Vitals correlation with image lazy loading strategies, font swap flashes frequency, accessibility skip link utilisation, scroll restoration failures, reduced motion preference ratios, content language mismatch detections, session rehydration after browser sleep, battery saver heuristics only as coarse flags, pointer versus touch input ratios, keyboard navigation success on accordions, table horizontal overflow incidents on small screens, map embed load failures if static maps appear, video play attempts on future educational loops, audio mute defaults, printing events hooking window.matchMedia print, copy-to-clipboard educational checklist usage, search within page features if implemented, idle time before abandonment buckets, cross-day returning learners anonymised cohorts, conversion proxy variables never fused with medical records because we do not collect those here, and aggregated satisfaction micro-surveys possibly introduced later under fresh consent text.
Analytics tags remain inactive on this policy page if no optional scripts load. When you later visit pages with measurement enabled after consent, processing proceeds under recorded consent.
We prefer configuration minimising raw IP retention, shortening ID lifetimes, disabling advertising features inside analytics suites when marketing is off, signing data processing terms, and honouring regionalisation options vendors provide.
Marketing cookies
Marketing cookies, after explicit opt-in, may support frequency capping, creative rotation of brand-safe educational promotions about affordable sessions, measurement of impressions versus clicks, attribution across permitted publisher networks, remarketing suppression when you object, audience seed expansion with privacy thresholds required by platforms, seasonal campaign sequencing around back-to-school meal routines without targeting minors, postcode cluster budgets only at statistical levels absent sensitive inferences, lookalike modelling excluding health categories platforms prohibit, synergy checks between Savings page engagement and eventual contact submissions at aggregated tiers, hashed offline event imports only with contracts and lawful bases, aggregated partner billing reconciliation cookies not profiling individuals beyond settlement, experimentation holdouts safeguarding control groups, sequential messaging caps preventing repetitive creative fatigue, aggregated placement quality scores, sanitised contextual keyword blocks avoiding prohibited topics, device graph bridges only where platforms certify GDPR alignment, uplift measurement respecting local law, aggregated view-through conversion windows tighter than indefinite surveillance, suppression lists synced after unsubscribe or consent revocation, sequential storytelling across allowed inventory without implying guaranteed weight outcomes, synergy between email opens (if newsletters exist and you subscribe) and on-site behavioural cohorts aggregated, partner fraud detection benefiting everyone, philanthropic co-marketing disclaimers pixel fires if ever applicable, multilingual ad variant testing, pacing cookies preventing burst overspend, budget smoothing tokens, partner cookie matching restrictions after third-party cookie deprecation shifts toward Privacy Sandbox APIs where relevant, and post-campaign aggregate reporting delivered to us as dashboards not individual dossiers.
Creative messaging stays educational and suitable for brand-safe advertising environments; we avoid prohibited health claims in ad copy.
Withdraw marketing consent and tags should idle on subsequent loads subject to caching realities; clear storage if anomalies persist.
Cookie inventory
The table summarises representative cookies and technologies we or partners may use. Exact names can vary with deployments; we update this inventory when vendors rotate identifiers. Duration reflects typical maximums before renewal or reissue.
| Name / key | Party | Category | Purpose | Typical duration |
|---|---|---|---|---|
| tdde_session | First | Strictly necessary | Maintains signed-in style micro-state for multi-step navigation and secures CSRF alignment on forms. | Session |
| tdde_csrf | First | Strictly necessary | Anti-forgery token binding for contact submissions and configuration surfaces. | Session |
| tdde_lb | First | Strictly necessary | Load-balancer routing affinity to avoid broken asset combinations during spikes. | 24 hours |
| tdde_lang | First | Strictly necessary | Stores language echo when you explicitly choose a locale different from browser default. | 180 days |
| tdde_consent_stub | First | Strictly necessary | Remembers that a consent decision exists to prevent infinite banner loops when Local Storage blocked. | 12 months |
| tdde_ab | First | Analytics | Assigns anonymised variant bucket for heading clarity tests after consent. | 90 days |
| tdde_ga4 | Third | Analytics | Pseudonymous client identifier for aggregated traffic statistics after consent. | 400 days |
| tdde_ga4_session | Third | Analytics | Session grouping for page flow metrics after consent. | 30 minutes |
| tdde_plausible | First or third | Analytics | Privacy-oriented hit deduplication salt if a lightweight analytics stack is active. | 24 hours |
| tdde_ads_core | Third | Marketing | Advertising network core identifier for frequency management after marketing consent. | 90 days |
| tdde_ads_conv | Third | Marketing | Conversion pixel correlation token for attributed booking interest signals aggregated by the network. | 30 days |
| tdde_dv360_sync | Third | Marketing | Managed display partner sync hash for campaign reporting caps after explicit opt-in. | 60 days |
| tdde_meta_pixel | Third | Marketing | Optional social advertising measurement identifier if we enable that partner and you consent. | 90 days |
| tdde_linkedin_insight | Third | Marketing | B2B-oriented conversion insight cookie for professional audience campaigns when enabled and consented. | 180 days |
| tdde_youtube_embed | Third | Marketing / functional | Preferences for embedded educational video players; marketing facets activate only with extended consent. | 180 days |
| tdde_vimeo_embed | Third | Functional / analytics | Playback quality and fraud checks on optional video embeds. | 365 days |
| tdde_font_cdn | Third | Strictly necessary / functional | CDN delivery acknowledgement for typography subsets; not used for cross-site ads. | 7 days |
| tdde_support_chat | Third | Functional | Ephemeral chat widget session if a privacy-reviewed provider is enabled. | Session |
| tdde_payment_intent | First / third | Strictly necessary | Short-lived token correlating a hosted payment field with your booking without storing card numbers locally. | 30 minutes |
| tdde_spam_score | First | Strictly necessary | Rate-limit and bot-challenge cookie protecting contact endpoints. | 1 hour |
If a listed technology is inactive in your region or build, it simply will not appear in your browser storage; absence does not invalidate the transparency obligation to disclose possible use.
Local storage and comparable APIs
Our site may store consent decisions and configuration snapshots in Local Storage under the key pattern associated with our internal cookie consent implementation, including a JSON object recording necessary, analytics, and marketing flags with timestamps for accountability. Local Storage can survive longer than session cookies; clearing site data removes it.
Session Storage may hold transient UI state such as expanded accordion indices that do not leave the tab.
IndexedDB may appear if we cache educational article packs for offline reading after explicit opt-in to that experimental feature.
Exercise browser "clear site data" for beautrinsing.world to reset local persistence comprehensively.
We do not use Local Storage to stash consultation health narratives you never provided; consultation content stays in secure backend systems described in the Privacy Policy.
Third-party cookies
Third-party cookies originate from domains other than beautrinsing.world, often due to embedded analytics or advertising libraries, video players, web fonts with cross-site state in legacy configurations, support widgets, social share buttons if ever reintroduced in privacy-safe modes, CAPTCHA providers, payment SDKs, tag management containers, consent management platform bridges, quality assurance error reporters, or infrastructure monitoring beacons.
Modern browsers increasingly block default third-party cookies; vendors migrate to first-party sets, Privacy Sandbox topics, SKAdNetwork style environments on app adjacency, server-side forwarding with contractual minimisation, contextual ad selection without persistent IDs, and aggregated measurement APIs.
We require processors to document subprocessors, offer EU data processing terms, assist with international transfer tools, and notify us of breaches.
Review partner policies linked from their consent interfaces; we summarise primary categories here but partners may detail additional engineering nuance.
Consent management
On pages where our consent banner renders, you can accept all optional categories, reject non-essential categories, or open granular settings to toggle analytics and marketing independently. Necessary items remain always on because they underpin security and core delivery.
Consent records include the decision, timestamp, and policy version reference where technically feasible. Withdrawing consent is as easy as giving it: revisit settings, reject optional categories, or clear site data.
We do not deploy pre-checked marketing toggles. We do not bundle unrelated service fees with analytics acceptance.
This Cookie Policy page intentionally omits the banner to keep reading uninterrupted; changing choices happens on other site pages where the banner or settings control exists.
Children under 16 should involve a parent or guardian before opting in to marketing or analytics where local law requires guardian involvement.
Browser controls
Major browsers let you block third-party cookies, delete all cookies, block all cookies (may break sites), clear per-site data, enable private modes that shrink persistence, set global "do not track" flags (limited effect), manage exceptions lists, import/export cookie controls across profiles, schedule automatic erasure on close, restrict cross-site tracking features branded variably, disable storage APIs entirely for testing, enable strict enhanced tracking protection, configure site permissions for images and scripts individually, use content blockers with curated lists, rotate profiles for compartmentalisation, inspect storage in developer tools Application panels, monitor network filters for unexpected tag calls, subscribe to browser release notes for upcoming storage partitioning changes, enable DNS-level blocking on corporate networks cautiously to avoid breaking payments, and export personal archives before wiping.
Mobile operating systems offer parallel settings in Safari iOS, Chrome Android, Firefox Android, Samsung Internet, Edge mobile, and in-app webviews used by social applications that may isolate storage differently.
Combine browser controls with our consent toggles for defence in depth; neither layer substitutes for the other completely.
Do Not Track
Historically, browsers exposed a DNT HTTP header. Industry-wide legal binding never universalised. We treat DNT as a weak signal: we do not rely on it alone to infer valid GDPR consent or refusal, because many users enable it unintentionally and many sites ignore it unpredictably.
Nonetheless, where technically detectable without invasive fingerprinting, we may configure tag managers to suppress certain optional tags when DNT equals one alongside an explicit absence of marketing consent, subject to not breaking necessary security.
Modern privacy signals include Global Privacy Control headers in some jurisdictions; we monitor standards and may align where feasible with supervisory expectations.
Use our consent panel and browser storage controls for reliable expression of preferences.
Retention
Session cookies expire at browser close unless otherwise noted. Consent records align with our Privacy Policy schedules, often twelve months unless law demands longer audit evidence. Analytics identifiers shorten when vendors permit automatic expiry tuning. Marketing IDs compress after campaign completion windows.
Server logs separate from cookies may retain truncated IP data on security grounds for bounded intervals described in the Privacy Policy.
After retention lapses, we instruct vendors to delete or irreversibly aggregate where contractually assured.
Inventory durations are typical maximums; rolling sessions may refresh clocks if you revisit before expiry.
International transfers
Some analytics or advertising partners may process data in the United States or other third countries. When GDPR applies, we rely on Article 46 tools such as Standard Contractual Clauses, supplemented by transfer impact assessments where required, alongside technical measures vendors implement.
Adequacy decisions may cover specific destinations; post-Schrems II diligence remains ongoing.
You may ask for summaries of safeguards by contacting service@beautrinsing.world.
Refusing marketing consent reduces reliance on transfers tied to behavioural ad networks although strictly necessary infrastructural subprocessors may still operate under contracts.
Your rights
GDPR grants rights including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. For cookie-derived personal data we can associate, we honour these upon verified requests.
You may lodge complaints with IMY regarding Swedish processing facets.
Automated profiling producing legal effects is not a goal of our nutrition educational site analytics; nonetheless you may inquire about logic used in aggregated reporting.
Email service@beautrinsing.world for privacy requests; include enough detail for us to locate consent records without excessive data.
Updates
We revise this Cookie Policy when technologies, partners, supervisory guidance, contractual obligations, or service scope changes materially. Historical snapshots may be available on request where feasible.
Material amendments may prompt renewed prompts on returning visits or emails if appropriate.
Continued navigation after conspicuous posting constitutes acceptance only where law allows reliance on constructive notice alongside continuing legitimate purposes; refreshed consent captures major expanders.
Contact
For questions about cookies, exercising GDPR rights tied to identifiers, coordinating vendor enquiries, escalating suspected unlawful tracking despite our safeguards, proposing accessibility improvements to banner interfaces, notifying us about outdated inventory rows discovered during your independent audits, or requesting clarification bridging Privacy Policy overlaps, reach us:
Beautrinsing
Stjärntorget 2, 169 79 Solna, Sweden
Email: service@beautrinsing.world
Phone: +46 8 644 20 50 (Monday–Friday, 09:00–17:00 CET)