Cookie Policy
Last updated: 26 February 2026
This policy explains how the bpr.rehab website uses cookies and similar technologies. We comply with the Privacy and Electronic Communications Regulations (PECR) and the UK GDPR.
1. What Are Cookies and Similar Technologies?
Cookies are small text files stored on your device when you visit a website. "Similar technologies" include browser fingerprinting, local storage (localStorage), and web beacons.
Our website primarily uses localStorage and browser fingerprinting rather than traditional tracking cookies. Under PECR, these technologies require the same level of consent as cookies.
2. Technologies We Use
| Name | Type | Purpose | Duration |
|---|---|---|---|
| next-auth.session-token | Cookie | User session authentication | Session |
| next-auth.csrf-token | Cookie | CSRF attack protection | Session |
| next-auth.callback-url | Cookie | Redirect URL after login | Session |
| bpr_cookie_consent | localStorage | Stores your cookie consent preferences | Persistent |
| locale | localStorage | Language preference (EN/PT) | Persistent |
| Technology | Type | Purpose | Data |
|---|---|---|---|
| Browser Fingerprint | Similar technology | Identify unique visitors without cookies | Canvas hash, UA, screen, language, timezone |
| Page View Tracking | sendBeacon API | Record pages visited, time on page, scroll depth | URL, title, time, scroll % |
| Click Tracking | sendBeacon API | Generate user interaction heatmaps | x/y position, clicked element |
| IP Geolocation | Server-side lookup | Approximate visitor country and city | IP → country, city |
We currently do not use any marketing cookies or technologies. If we introduce them in the future, we will update this policy and request your consent.
3. How to Control Cookies and Tracking
a) Consent banner:
When you first visit our site, a consent banner allows you to accept or reject non-essential cookies and tracking technologies. You can change your preferences at any time.
b) Browser settings:
You can set your browser to block or alert you about cookies. Note that blocking strictly necessary cookies may affect how the site functions.
c) Fingerprinting opt-out:
Browser fingerprinting is only activated after you give consent in the "Analytics" category. If you reject analytics cookies, no fingerprint will be generated and no browsing data will be collected.
4. Third-Party Services
Our analytics system is 100% proprietary. We do not use Google Analytics, Facebook Pixel, or any other third-party tracking service. The only external services that may set cookies are:
- Stripe — For payment processing (strictly necessary cookies)
5. Legal Framework
This policy complies with:
- PECR — Privacy and Electronic Communications Regulations 2003 (as amended 2011 and 2018)
- UK GDPR — UK General Data Protection Regulation
- DPA 2018 — Data Protection Act 2018
The ICO (Information Commissioner's Office) is the UK supervisory authority for data protection and electronic privacy.
Website: ICO Cookie Guidance
Questions?
For questions about cookies or privacy, contact: admin@bpr.rehab