Cookie Policy

Effective Date: January 1, 2025 Last Updated: December 29, 2024 Version: 1.0

---

Introduction

This Cookie Policy explains how Glow & Grow ("we," "us," or "our") uses cookies and similar technologies on our educational platform. This policy should be read together with our Privacy Policy and Terms of Service.

Important Information:

• We use minimal cookies necessary for platform functionality
• We do NOT use third-party advertising or tracking cookies
• We do NOT use cookies to track children across websites
• We comply with COPPA, GDPR, and other applicable privacy laws

Contact Information:

• Email: privacy@glowandgrow.fun
• Data Protection Officer: dpo@glowandgrow.fun

---

1. What Are Cookies?

1.1 Definition

Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. Cookies are widely used to make websites work more efficiently and to provide information to website owners.

1.2 How Cookies Work

• Cookies are stored in your browser's cookie folder
• They contain information about your interactions with the website
• They can be "session cookies" (deleted when you close your browser) or "persistent cookies" (remain until deleted or expired)
• They can be "first-party cookies" (set by us) or "third-party cookies" (set by other services)

1.3 Similar Technologies

In addition to cookies, we may use similar technologies including:

• Local Storage: Browser storage for session data
• Session Storage: Temporary storage cleared when the browser is closed
• Authentication Tokens: Secure tokens for maintaining login sessions

---

2. What Cookies We Use

2.1 Essential Cookies (Required)

These cookies are strictly necessary for the platform to function and cannot be disabled:

Cookie Name	Purpose	Duration	Type
auth_token	Maintains user login session	Session or 7 days	First-party
locale	Stores language preference (en/fr)	1 year	First-party
session_id	Identifies user session	Session	First-party

Why We Need These:

• Authentication: To keep you logged in while you use the platform
• Language Preference: To remember if you prefer English or French
• Session Management: To provide a consistent experience across pages

2.2 Functional Cookies (Optional)

We may use functional cookies to enhance your experience:

Cookie Name	Purpose	Duration	Type
dashboard_view	Remembers dashboard layout preferences	30 days	First-party
tooltip_seen	Tracks which tooltips you've dismissed	90 days	First-party

These cookies improve usability but are not essential. You can disable them through browser settings.

2.3 Cookies We DO NOT Use

We do NOT use:

• Third-party advertising cookies: No behavioral advertising
• Third-party analytics cookies: No Google Analytics or similar services
• Social media cookies: No Facebook Pixel, Twitter tracking, etc.
• Cross-site tracking cookies: We do not track you across other websites
• Marketing cookies: We do not build advertising profiles

---

3. Why We Use Cookies

3.1 Essential Purposes

We use essential cookies to:

• Authenticate users: Keep you logged in securely
• Maintain sessions: Provide consistent experience across pages
• Remember language: Display content in your preferred language (English/French)
• Ensure security: Protect against unauthorized access and attacks
• Comply with legal requirements: Meet security and privacy obligations

3.2 User Experience

We use functional cookies to:

• Remember your preferences and settings
• Provide personalized dashboard layouts
• Reduce repetitive notifications and tooltips
• Improve navigation and usability

3.3 We Do NOT Use Cookies For

• Behavioral advertising or ad targeting
• Selling data to third parties
• Tracking children across websites
• Building marketing or advertising profiles
• Cross-site tracking

---

4. Third-Party Services

4.1 Google OAuth

When you sign in with Google, Google may set cookies to facilitate authentication. These are governed by Google's privacy policy:

• Google Privacy Policy: https://policies.google.com/privacy
• Google Cookie Policy: https://policies.google.com/technologies/cookies

We do NOT have control over Google's cookies. When you use Google Sign-In:

• Google sets cookies for authentication
• Google may collect information about your sign-in
• You can manage Google cookies through your Google account settings

4.2 No Other Third-Party Cookies

We do NOT use any other third-party services that set cookies, including:

• Analytics services (Google Analytics, etc.)
• Advertising networks
• Social media widgets
• Marketing platforms
• Tag managers

---

5. Your Cookie Choices

5.1 Browser Settings

You can control cookies through your browser settings:

Chrome:

1. Settings > Privacy and security > Cookies and other site data
2. Choose your preferred cookie setting
3. Manage site-specific permissions

Firefox:

1. Settings > Privacy & Security
2. Choose Standard, Strict, or Custom tracking protection
3. Manage cookie exceptions

Safari:

1. Preferences > Privacy
2. Choose cookie blocking preferences
3. Manage website data

Edge:

1. Settings > Privacy, search, and services
2. Choose tracking prevention level
3. Manage cookies and site permissions

5.2 Impact of Disabling Essential Cookies

If you disable essential cookies:

• You will not be able to log in
• Language preferences will not be saved
• The platform may not function properly
• You may need to re-enter information repeatedly

5.3 Impact of Disabling Functional Cookies

If you disable functional cookies:

• The platform will still function
• Your preferences will not be saved
• You may see repeated tooltips and notifications
• Dashboard layouts will reset

---

6. Children's Privacy

6.1 COPPA Compliance

We comply with the Children's Online Privacy Protection Act (COPPA):

• We only set essential cookies for children's accounts
• We do NOT use cookies for behavioral advertising to children
• We do NOT allow third parties to set cookies for children
• Parents can review and delete their child's cookies by clearing browser data

6.2 Parental Control

Parents can:

• View what cookies are set through browser developer tools
• Delete all cookies through browser settings
• Control cookie settings on devices used by children
• Contact us with questions about cookies at privacy@glowandgrow.fun

6.3 No Child Tracking

We do NOT:

• Track children across websites
• Build profiles of children for advertising
• Share children's cookie data with third parties
• Use persistent identifiers to track children (beyond authentication)

---

7. GDPR Compliance (EU Users)

7.1 Legal Basis for Cookies

For EU users, we use cookies based on:

Essential Cookies:

• Legal basis: Necessary for contract performance (providing the service)
• No consent required under GDPR Article 6(1)(b)

Functional Cookies:

• Legal basis: Legitimate interests (improving user experience)
• You may opt-out through browser settings

7.2 Your Rights Under GDPR

You have the right to:

• Know what cookies we use (this policy)
• Control and delete cookies (browser settings)
• Withdraw consent for non-essential cookies
• Lodge a complaint with your supervisory authority

7.3 Cookie Consent

When you first visit our website from the EU:

• We display information about our cookie use
• You can accept or adjust cookie preferences
• Essential cookies are explained as necessary for the service

---

8. How Long Cookies Last

8.1 Session Cookies

• Duration: Deleted when you close your browser
• Used for: Active session management
• Examples: session_id

8.2 Persistent Cookies

Cookie	Duration	Reason
auth_token	7 days (if "Remember Me" checked)	Keep you logged in between sessions
locale	1 year	Remember language preference
dashboard_view	30 days	Remember layout preferences
tooltip_seen	90 days	Avoid showing same tooltips repeatedly

8.3 Automatic Deletion

Cookies are automatically deleted:

• When they expire (based on duration above)
• When you clear your browser cookies
• When you delete your account

---

9. Updates to Cookie Usage

9.1 Changes to This Policy

We may update this Cookie Policy to reflect:

• Changes in our cookie usage
• New legal requirements
• Improvements to our services
• User feedback

When we make changes:

• We update the "Last Updated" date
• We notify users of material changes via email
• We explain what has changed

9.2 New Cookies

If we plan to use new types of cookies:

• We will update this Cookie Policy
• We will notify users via email (for material changes)
• We will request consent if required by law
• Users may opt-out or delete their account

---

10. Cookie Security

10.1 Security Measures

We protect cookies through:

• HTTPS encryption: All cookies are transmitted securely
• HttpOnly flag: Authentication cookies cannot be accessed by JavaScript
• Secure flag: Cookies only transmitted over HTTPS
• SameSite attribute: Protection against cross-site request forgery
• Regular expiration: Cookies expire and require re-authentication

10.2 What We Store in Cookies

We DO store:

• Session identifiers (random strings, no personal info)
• Authentication tokens (encrypted)
• Language preference codes ("en" or "fr")
• Non-personal preference settings

We do NOT store:

• Passwords (even encrypted)
• Personal information (names, emails, etc.)
• Financial information
• Sensitive personal data

---

11. Technical Information

11.1 Cookie Attributes

Our cookies use these security attributes:

Set-Cookie: auth_token=<token>;
  HttpOnly;
  Secure;
  SameSite=Strict;
  Max-Age=604800;
  Path=/

Explanation:

• HttpOnly: Prevents JavaScript access
• Secure: Only sent over HTTPS
• SameSite=Strict: Prevents cross-site sending
• Max-Age: Expiration time in seconds
• Path=/: Available across entire site

11.2 Local Storage

We use browser Local Storage for:

• Caching user data to improve performance
• Storing non-sensitive preferences
• Temporary session data

Local Storage is:

• Stored only in your browser
• Not transmitted to our servers automatically
• Cleared when you clear browser data
• Limited to 5-10MB per domain

---

12. International Data Transfers

12.1 Cookie Data Location

Cookie data is stored:

• Locally in your browser (on your device)
• On our servers when transmitted during requests
• Not shared with third parties (except Google OAuth)

12.2 Cross-Border Transfers

If you access our service from outside [Server Location]:

• Cookies may be transmitted to our servers
• We ensure GDPR-compliant safeguards for EU users
• We comply with applicable data transfer laws

---

13. Contact and Complaints

13.1 Cookie Questions

For questions about cookies:

• Email: privacy@glowandgrow.fun
• Subject: "Cookie Policy Inquiry"
• We respond within 30 days

13.2 Data Protection Officer (GDPR)

For EU-related cookie concerns:

• Email: dpo@glowandgrow.fun
• DPO Name: [To be assigned]

13.3 Supervisory Authority (EU)

EU users can lodge complaints with their data protection authority:

• Find your authority: https://edpb.europa.eu/about-edpb/board/members_en

---

14. Additional Resources

14.1 Learn More About Cookies

• All About Cookies: https://www.allaboutcookies.org/
• Your Online Choices (EU): https://www.youronlinechoices.com/
• Network Advertising Initiative: https://www.networkadvertising.org/

14.2 Related Policies

This Cookie Policy should be read with:

• Privacy Policy: Full explanation of data practices
• Terms of Service: Rules for using the platform

---

Summary

Quick Reference:

• We use only essential and functional cookies
• No third-party advertising or tracking
• No cookies used to track children across sites
• You can control cookies through browser settings
• Essential cookies required for login and basic functionality

What We Use:

• Authentication (keep you logged in)
• Language preference (English/French)
• Session management

What We DON'T Use:

• Third-party analytics
• Advertising cookies
• Cross-site tracking
• Social media cookies

---

This Cookie Policy is effective as of January 1, 2025.

For the French version of this policy, see: Politique des Cookies (Français)