Cookie Policy

Last updated: 15 April 2026

1. Who we are and what this document covers

This Cookie Policy explains how shkiper.app (the "Site") uses cookies and similar technologies (browser local storage, session markers). The Site is operated by Sole Proprietor Valentin Morev (ИП Морев В.В.), registered in the Russian Federation ("we", "us", "the operator"). This Policy applies to the shkiper.app website and its subdomains. The Shkiper mobile apps for iOS and Android do not use cookies — they rely on the operating system's built-in preference storage (UserDefaults / SharedPreferences), as described in section 8.

If you have any questions after reading this Policy, please email privacy@shkiper.app with the subject line "Cookies". We respond within 30 days, and within the timeframes required by the GDPR / UK GDPR for residents of the EU/EEA and the United Kingdom.

2. What cookies are and why they are used

A cookie is a small text file that a website stores in the user's browser. On return visits the site reads the file and "recognises" the device — remembering, for instance, the selected interface language, preserving a signed-in state, or enabling payment flows. Cookies can be session cookies (deleted when the browser closes) or persistent cookies (kept until their Max-Age expires). First-party cookies are set directly by the visited site; third-party cookies are set by external services embedded on the page.

Cookies are conventionally grouped into four categories by purpose:

Strictly necessary — the site cannot function without them: authentication, security, storing a user-selected language preference.
Functional — improve usability by remembering preferences and personalising the interface.
Analytics — collect anonymised visit statistics (Google Analytics, Yandex Metrica, etc.).
Marketing — used for targeted advertising and retargeting.

3. Cookies we actually use

Today shkiper.app sets exactly one first-party cookie. We do not use Google Analytics, Yandex Metrica, Facebook Pixel, advertising networks, or any other third-party trackers. We do not use cookies to build advertising profiles, and we do not share cookie-derived data with third parties for marketing purposes.

`lang`

Domain: .shkiper.app

Purpose: Remembers your chosen interface language (RU/EN) so that the site loads in the correct language on subsequent visits.

Category: Strictly necessary (functional)

Duration: 12 months (Max-Age 31,536,000 seconds)

Provider: First-party (shkiper.app)

The lang cookie is set only after you explicitly choose a language (via the header switcher or the locale picker on first visit). Until that moment, nothing is written to your device beyond the HTTP headers technically required to deliver the page.

In addition to cookies, your browser may use local storage (localStorage) to temporarily retain form data and UI state. This data is never transmitted to our server and is cleared when you clear site data in your browser.

4. Third-party cookies and OAuth providers

The shkiper.app site itself does not set any third-party cookies. However, if you choose to sign in with Google, Yandex or Apple, we redirect you to the provider's domain (accounts.google.com, passport.yandex.ru, appleid.apple.com), where the provider sets its own cookies on its own domains. Those cookies are governed by the provider's policy, not ours:

Google — policies.google.com/technologies/cookies
Yandex — yandex.com/legal/cookies_policy
Apple — apple.com/legal/privacy/data/apple-id
Amazon Web Services (CloudFront) — our hosting provider; we do not use its cookie features (signed cookies are disabled).

After successful authentication, we receive only an authorisation code and basic profile data (email, name) from the provider. No provider cookies appear on the shkiper.app domain.

5. Legal bases

The legal basis for using cookies depends on your jurisdiction:

EU/EEA and UK: Article 5(3) of the ePrivacy Directive 2002/58/EC and Article 6(1)(f) of the GDPR / UK GDPR. The lang cookie is strictly necessary and functional because it stores an explicit user choice; it falls within the consent exemption recognised by EDPB/WP29 Opinion 04/2012. No prior consent banner is required; disclosure in this Policy is sufficient.
Russian Federation: Federal Law No. 152-FZ "On Personal Data". The lang cookie on its own contains no personal data (no user identifier) and is used to provide the technical functioning of the Site, which corresponds to clause 5, part 1, article 6 of 152-FZ (processing necessary to provide the requested service).
California (CCPA/CPRA): we do NOT sell and do NOT share personal information derived from cookies with third parties for advertising purposes. Accordingly, the "Do Not Sell or Share My Personal Information" right applies to us only in the sense of confirming the absence of such practices (see section 9).
Other jurisdictions: we apply the strictest of the applicable standards.

If we introduce analytics or marketing cookies in the future (see section 6), the legal basis will be your explicit prior opt-in consent, collected through a cookie banner with equally prominent "Accept All" and "Reject All" buttons.

6. How to refuse and delete cookies

Because we set only one necessary cookie (lang), we do not currently operate an in-app consent preference centre. You can delete the cookie or block it at any time through your browser. Official instructions are linked below:

Google Chrome — support.google.com/chrome/answer/95647
Apple Safari — support.apple.com/guide/safari/manage-cookies
Mozilla Firefox — support.mozilla.org/kb/clear-cookies-and-site-data-firefox
Microsoft Edge — support.microsoft.com/microsoft-edge/delete-cookies

Most browsers also support the Global Privacy Control (GPC) signal and the "Do Not Track" setting. We honour the GPC signal as a valid opt-out of sale/sharing under the CCPA/CPRA.

7. What happens if you block cookies

Blocking cookies will not lock you out of the Site. Virtually all shkiper.app features, including browsing product information, reading legal documents, and following links to install the mobile app, will continue to work.

The only practical drawback is that the Site will not remember your language preference. On each new visit it will apply the language suggested by your browser's Accept-Language header, and you will need to switch languages again manually. No other restrictions result from blocking cookies.

8. Mobile apps

The Shkiper mobile apps for iOS and Android do not use HTTP cookies. User preferences (language, sign-in state) are stored through the operating system's native mechanisms: UserDefaults (iOS), SharedPreferences (Android), and Secure Storage for authentication tokens. We do not embed analytics SDKs or advertising SDKs that track users across apps. The apps do not use Apple IDFA (Identifier for Advertisers) or Google AAID (Advertising ID) for marketing purposes.

9. Notice for California residents (CCPA/CPRA)

Within the meaning of the California Consumer Privacy Act and the California Privacy Rights Act, we do NOT sell and do NOT share personal information obtained through cookies or any other means — including for cross-context behavioural advertising. The Site contains no advertising pixels, DSP integrations, or other mechanisms that would cause data transfers to qualify as a "sale" or "share" under the CPRA.

We honour the Global Privacy Control (GPC) signal as a valid opt-out request. You may also submit access, deletion and correction requests under the "Your rights" section of our Privacy Policy.

10. Notice for residents of the Russian Federation

The operator is Sole Proprietor Valentin Valentinovich Morev. A notice of personal-data processing is in the process of being filed with Roskomnadzor; the registration number will be published in the Privacy Policy once assigned. Complaints about the processing of cookies and other personal data may be submitted to the operator at privacy@shkiper.app or to Roskomnadzor (rkn.gov.ru). The lang cookie is used solely to support the technical operation of the Site and is not transferred to advertising networks or other third parties.

11. When we add analytics — our consent banner commitment

If in future we deploy Google Analytics 4, Yandex Metrica, or any other analytics or marketing tool, a full cookie consent banner will be rolled out on the Site before those tools are activated. The banner will meet the requirements of the EDPB, the UK ICO and Roskomnadzor: equally prominent "Accept All" and "Reject All" buttons on the first layer, granular category toggles on the second layer, no pre-ticked boxes or dark patterns, and retention of consent proof for at least 12 months. Tags and scripts will not load until consent is granted (tag blocking). This Policy will be updated accordingly, and the table in section 3 will be extended with the new cookies, their providers, durations and legal bases.

12. Changes and contact

We may update this Policy from time to time to reflect changes in the cookies we use, in applicable law, or in our infrastructure. The current version is always available on this page; the last-updated date is shown under the heading. We will notify users of material changes (for example, the addition of analytics) through an on-site banner and/or by email. For any questions about cookies, please email privacy@shkiper.app.

See also: Privacy Policy and Terms of Service.