1. What Are Cookies
Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, to provide information to website owners, and to enhance the user experience.
Cookies can be "first-party" (set by the website you are visiting) or "third-party" (set by a different website, such as an embedded service). They can also be "session cookies" (deleted when you close your browser) or "persistent cookies" (remain on your device for a set period).
This Cookie Policy explains what cookies and similar technologies our Platform uses, why we use them, and your choices regarding their use.
2. Our Approach to Cookies
Getcovery has been designed with privacy in mind. We use only the minimum cookies necessary for our Platform to function correctly. Specifically:
- We do NOT use advertising or marketing cookies.
- We do NOT use analytics or tracking cookies (no Google Analytics, no Meta Pixel, no similar services).
- We do NOT use social media tracking cookies.
- We do NOT use any cookies for profiling or behavioural targeting.
All cookies set by our Platform are strictly necessary for its operation. This means they are essential for you to use core features such as logging in, making a booking, or tracking your vehicle recovery.
3. Cookies We Use
The following table provides a complete list of all cookies set by our Platform:
Cookies set by the Getcovery Platform| Cookie Name | Purpose | Category | Type | Duration | Security Properties |
|---|
| sb-*-auth-token | Authentication session cookie. Set automatically by our authentication system (Supabase) when you log in. This cookie maintains your authenticated session so you do not need to re-enter your credentials on every page. The cookie is refreshed automatically to keep your session active. | Strictly Necessary | First-Party | Session-based with automatic refresh | Secure, SameSite |
| getcovery_tracking_token | Booking tracking access cookie. Set after you complete payment for a booking. This cookie allows you to access the real-time tracking page for your vehicle recovery or transport job. Without this cookie, you would not be able to view your driver's location or booking status after payment. | Strictly Necessary | First-Party | 24 hours | HttpOnly, Secure, SameSite: Strict |
3.1 Cookie Security Explained
We implement the highest security standards for our cookies:
- HttpOnly: The tracking cookie cannot be accessed by JavaScript running on the page. This protects against cross-site scripting (XSS) attacks that attempt to steal session tokens.
- Secure: Cookies are only transmitted over encrypted HTTPS connections, never over unencrypted HTTP.
- SameSite: Strict: The tracking cookie is never sent with cross-site requests. This provides robust protection against cross-site request forgery (CSRF) attacks.
4. Local Storage (Browser Storage)
In addition to cookies, we use browser local storage in one specific case:
Browser local storage used by Getcovery| Storage Key | Purpose | Data Stored | Duration | Sensitive Data? |
|---|
| Booking form draft | Saves your incomplete booking form progress so you can resume it if you close the browser or navigate away. This is a convenience feature to prevent you from having to re-enter information. | Booking form field values: selected addresses, vehicle details, service options, timing preferences. Does NOT contain payment data, passwords, or authentication tokens. | 24 hours (auto-cleared), or cleared immediately when you complete or dismiss the booking. | No. Contains only form selections, not financial or authentication data. |
Local storage data is stored entirely on your device and is never transmitted to our servers (for anonymous users). For logged-in users, booking drafts are additionally saved to our secure database to enable cross-device resumption; this server-side draft is automatically deleted after 7 days.
You can clear local storage at any time through your browser settings.
5. Third-Party Cookies
Certain third-party services integrated into our Platform may set their own cookies when you interact with them. We do not control these cookies. The table below describes the third-party services that may set cookies:
Third-party services that may set cookies| Service | Provider | When Active | Cookie Purpose | Category | More Information |
|---|
| Google Maps | Google LLC | When viewing interactive maps on booking or tracking pages | Map functionality, preferences, and performance. Google may also set cookies for its own analytics purposes. | Functional / Third-Party | policies.google.com/privacy |
| Stripe Checkout | Stripe Inc. | During the payment process only | Fraud prevention, payment session integrity, and secure checkout. These cookies are essential for processing your payment securely. | Strictly Necessary / Third-Party | stripe.com/privacy |
We have no access to or control over cookies set by third parties. For information about how these providers use cookies, please refer to their respective privacy policies linked above.
6. Cookie Consent and Legal Basis
6.1 PECR Regulation 6 — The Cookie Rules
Under Regulation 6 of the Privacy and Electronic Communications Regulations 2003 (PECR), storing or accessing information on a user's device (including cookies) requires the user's consent, unless the cookie is "strictly necessary" for the provision of a service explicitly requested by the user.
The Information Commissioner's Office (ICO) confirms in its detailed cookie guidance that strictly necessary cookies are exempt from the consent requirement. The ICO states:
"This exception is a narrow one. To fall within it, the storage of (or access to) information must be essential for the user to be able to use a service they have requested. It would not cover, for example, a cookie used to deliver ads... but would cover a cookie used to ensure that an item is added to a shopping basket."
6.2 Our Position
All cookies set directly by Getcovery fall within the PECR strictly necessary exemption:
- Authentication cookie (sb-*-auth-token): This cookie is strictly necessary because without it, you cannot maintain a logged-in session. You would be required to re-authenticate on every page load, making the service unusable. The ICO recognises authentication cookies as strictly necessary.
- Tracking token cookie (getcovery_tracking_token): This cookie is strictly necessary because without it, you cannot access the booking tracking service you have explicitly requested and paid for. It is the equivalent of a session cookie for the tracking feature.
Because all our first-party cookies are strictly necessary, we are not required to display a cookie consent banner under PECR.
If we introduce non-essential cookies in the future (for example, analytics or marketing cookies), we will update this policy and implement a compliant consent mechanism before doing so.
6.3 UK GDPR Lawful Basis
Where cookies process personal data (such as an authentication token that identifies you), the lawful basis under UK GDPR Article 6(1)(b) is that processing is necessary for the performance of a contract — specifically, to provide you with the vehicle recovery or transport service you have requested.
7. How to Manage Cookies
Although our cookies are strictly necessary and the Platform may not function correctly without them, you can manage cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored on your device.
- Delete individual cookies or all cookies.
- Block cookies from specific websites.
- Block all cookies (note: this will prevent you from logging in to Getcovery).
- Clear cookies when you close your browser.
Instructions for managing cookies in common browsers:
Browser cookie management instructions| Browser | Instructions |
|---|
| Google Chrome | Settings > Privacy and Security > Cookies and other site data |
| Mozilla Firefox | Settings > Privacy & Security > Cookies and Site Data |
| Safari (macOS/iOS) | Preferences > Privacy > Manage Website Data |
| Microsoft Edge | Settings > Cookies and site permissions > Manage and delete cookies |
Important:
If you block or delete our strictly necessary cookies, you will not be able to log in to your account or track your bookings. The booking and tracking features require these cookies to function.
8. Do Not Track (DNT) Signals
Some browsers offer a "Do Not Track" (DNT) setting that sends a signal to websites you visit indicating that you do not wish to be tracked. Because we do not use any tracking, analytics, or advertising cookies, the DNT signal has no effect on our cookie behaviour — we already do not track you.
9. Changes to This Cookie Policy
We may update this Cookie Policy from time to time, particularly if we introduce new cookies or change how existing cookies are used. When we make changes, we will update the "Last Updated" date at the top of this policy.
If we ever introduce non-essential cookies, we will provide you with clear notice and obtain your consent before setting those cookies, in accordance with PECR and UK GDPR requirements.
