Cookie Policy
Effective Date: May 27, 2026 · Last Updated: May 27, 2026
This Cookie Policy explains how RIG53, Inc. (“RIG53,” “we,” “us,” or “our”) uses cookies and similar client-side storage technologies on the RIG53 platform and mobile application (collectively, the “Platform”). It should be read alongside our Privacy Policy.
1. What Are Cookies and Local Storage?
Cookies are small text files placed on your device by a website. They allow the site to remember information about your visit — such as your login state or preferences — across page loads and sessions.
Local Storage is a browser API that allows websites to store data in your browser without an expiry date. It is not transmitted to the server on each request, but it is functionally equivalent to a persistent cookie for consent-law purposes. RIG53 uses local storage (via Zustand persist) rather than traditional cookies for several items described below.
References to “cookies” in this policy cover both HTTP cookies and local storage entries, consistent with the ePrivacy Directive and national implementations (e.g., PECR in the UK).
2. Why We Use Them
- Keep you signed in across page navigation and tab reloads
- Remember your consent choice so we do not re-prompt on every visit
- Remember UI preferences (e.g., sidebar state, theme)
- Measure how users interact with the Platform to improve performance and features (analytics — consent required)
- Protect against cross-site request forgery (CSRF) attacks
We do not use cookies for behavioural advertising, sell cookie-derived data to third parties, or share cookie identifiers with data brokers.
3. Cookie Categories
Strictly Necessary — always active, no consent required
Required for the Platform to function. Without these, you cannot log in, perform secure actions, or maintain a session. These are set immediately on first visit or on authentication and cannot be disabled without breaking core functionality.
Analytics — requires consent
Help us understand how users navigate the Platform — which pages are visited, how long sessions last, and where errors occur. We use Google Analytics 4 (GA4). No analytics cookies are set until you provide consent via the banner.
Functional — requires consent
Remember non-essential UI preferences so you do not have to reset them on every visit. Examples: sidebar collapse state. Disabling these means those preferences reset each session.
Marketing — not currently active
No marketing or remarketing cookies are set on the Platform at this time. If marketing cookies are introduced in the future, this Policy will be updated and explicit consent will be requested before any such cookies are placed.
4. Full Cookie Inventory
The table below lists all cookies and local storage entries currently used by the Platform. We update this inventory when new items are added.
| Name / Key | Type | Category | Provider | Purpose | Duration |
|---|---|---|---|---|---|
| rig53-auth | Local Storage | Strictly Necessary | RIG53 | Stores your Sanctum bearer token. Required to authenticate API requests. | Session / until logout |
| rig53-consent | Local Storage | Strictly Necessary | RIG53 | Records your accept/decline cookie consent choice. Required to avoid re-prompting on every visit. | 5 years (GDPR accountability) |
| rig53-sidebar | Local Storage | Functional | RIG53 | Remembers whether the navigation sidebar is expanded or collapsed. | Persistent (no expiry) |
| _ga | Cookie (HTTP) | Analytics | Google LLC (GA4) | Distinguishes unique users and sessions for Google Analytics 4 reporting. | 2 years |
| _ga_[MEASUREMENT_ID] | Cookie (HTTP) | Analytics | Google LLC (GA4) | Persists session state for Google Analytics 4. | 2 years |
| _gid | Cookie (HTTP) | Analytics | Google LLC (GA4) | Distinguishes users for Google Analytics 4 within a 24-hour window. | 24 hours |
GA4 cookies (_ga, _ga_*, _gid) are only placed if you have accepted analytics cookies via the consent banner.
5. Legal Bases (GDPR)
For users in the EU and UK, every cookie category has a lawful basis under GDPR Art. 6 and the ePrivacy Directive:
| Category | Legal Basis | Notes |
|---|---|---|
| Strictly Necessary | Legitimate interests / Contract — Art. 6(1)(b)(f); ePrivacy Art. 5(3) exemption | No consent required. Storing these is strictly necessary to provide the service you requested. |
| Analytics | Consent — Art. 6(1)(a) | Only placed after explicit opt-in. You may withdraw consent at any time. |
| Functional | Consent — Art. 6(1)(a) | Only placed after explicit opt-in. Withdrawal means UI preferences reset each session. |
| Marketing | Consent — Art. 6(1)(a) | Not currently used. Will require explicit opt-in if introduced. |
6. Your Choices and Controls
Consent Banner
On your first visit, a banner allows you to accept or decline non-essential cookies. Strictly necessary cookies are set regardless. Your choice is stored in rig53-consent (local storage) for up to 5 years so we do not re-prompt on every visit.
Withdrawing Consent
You may withdraw consent at any time by clearing your browser’s local storage for rig53.com(browser DevTools → Application → Local Storage) or by clearing all site data in your browser settings. The banner will re-appear on your next visit. Withdrawal does not affect the lawfulness of processing before withdrawal.
Browser Controls
Most browsers allow you to block or delete cookies and local storage via their privacy settings. Note that blocking strictly necessary items (particularly the auth token) will prevent you from logging in. Consult your browser’s documentation:
- Chrome — Settings → Privacy and security → Cookies and other site data
- Firefox — Settings → Privacy & Security → Cookies and Site Data
- Safari — Preferences → Privacy → Manage Website Data
- Edge — Settings → Cookies and site permissions
Google Analytics Opt-Out
In addition to declining consent via the banner, you may install the Google Analytics Opt-out Browser Add-on (available at tools.google.com/dlpage/gaoptout) to prevent GA4 measurement across all sites, regardless of consent.
EU/UK Rights
EU and UK users may also exercise the right to object (GDPR Art. 21) or withdraw consent (Art. 7(3)) by contacting us at privacy@rig53.com. We will process your request within 30 days.
7. Third-Party Cookies
The only third-party cookie provider currently active on the Platform (subject to your consent) is Google LLC, operating Google Analytics 4. Google may set cookies from the domain *.google-analytics.com. Google’s use of these cookies is governed by Google’s Privacy Policy and Google’s Data Processing Terms.
We have configured GA4 with IP anonymization enabled and data sharing with Google advertising products disabled. Analytics data is retained for 14 months.
We do not embed third-party social media pixels, ad network trackers, or chat widgets that set cookies without your knowledge.
8. Do Not Track
Some browsers transmit a “Do Not Track” (DNT) signal. There is currently no universally accepted standard for how websites must respond to DNT signals. We honor your consent choice recorded in the banner as the authoritative opt-out mechanism. If you have declined analytics cookies, GA4 is not loaded regardless of your DNT setting.
9. Consent Records
Your cookie consent choice is recorded in rig53-consent(local storage on your device). We retain this record for 5 years for GDPR accountability purposes (Art. 5(2)). This record contains your choice (accepted/declined) and the timestamp at which it was made — not any personal data beyond what is implied by your device’s session.
We may additionally log the fact of consent server-side (choice + approximate timestamp) for regulatory audit purposes. This log is retained for 5 years and is not shared with third parties.
10. Changes to This Policy
We may update this Cookie Policy when we add new cookies, change providers, or in response to changes in law. We will notify users of material changes via in-app notice or email with at least 14 days’ advance notice. The “Last Updated” date at the top of this page reflects the most recent revision.
If we add a new non-essential cookie category after you have previously accepted, we will re-prompt for consent for the new category.
11. Contact
Questions about our cookie practices or to exercise your privacy rights:
RIG53, Inc. — Privacy
Response time: 30 days (EU/UK/Canada) · 45 days (California)
EU/UK users may also contact their national supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu. The UK supervisory authority is the ICO at ico.org.uk.