Storefront Cookie & Telemetry Policy

Last Updated: June 5, 2026

This Cookie & Telemetry Policy describes how Bedroomlabs SRL utilizes browser cookies, local storage blocks, and script injection layers on our custom headless web storefront. We run a privacy-first web configuration that places total control over data tracking directly into the user's hands.

1. Operational Definition of Cookies

Cookies are small alphanumeric data packets or text files (typically under 4KB) written directly into your browser's local storage nodes when you hit our storefront layout. Because web protocols are natively stateless, cookies allow our custom frontend code and server infrastructure to recognize your browser session across page changes, preserving your configuration states and active items.

2. Categorization Matrix (Functional vs. Marketing)

Our codebase divides browser trackers into two explicit, segregated operational categories:

• Essential / Functional Cookies: These files are strictly required to operate the basic core features of our custom store. They manage your active shopping cart tokens, remember checkout configurations, and store your selected privacy consent choices. These cookies do not track marketing profiles and are exempt from opt-out scripts.
• Optional Tracking Pixels (Marketing & Performance): These include directly injected tracking code scripts from third-party networks (such as Meta Pixels, TikTok Pixels, and Google Analytics). They analyze user acquisition paths and calculate ad conversions. These scripts are completely locked down by default.

3. Frontend Consent Lifecycles

To ensure complete compliance with European ePrivacy directives and GDPR frameworks, our storefront layout utilizes a strict Consent Gatekeeper Pattern. When a user initialises a web session on our custom store, our code execution thread checks for a valid consent preference string. Until you click an active option on our privacy overlay banner, all optional marketing pixels and analytics code blocks are legally barred from compiling or executing inside your browser DOM.

4. Affirmative Choice Mechanics ("Accept All")

When you execute an affirmative choice by clicking "Accept All" on our custom storefront privacy component, the following automated events take place within our code layout:

• Our Cookies.ts module writes a secure, encrypted configuration cookie named esc_privacy_consent to your browser session.
• The consent lifecycle window is set to exactly 365 days, meaning your choice remains legally valid for one full calendar year before the browser cookie expires and re-triggers the UI layout banner.
• The gatekeeper flags turn to true, and our custom layout immediately initializes the direct script injections for Meta, TikTok, and Google Analytics.

5. Negative Choice Mechanics ("Decline Optional")

If you select "Decline" or choose to allow only essential elements, our custom gatekeeper drops a simple persistence block string. This functional cookie ensures our site remembers your preference so the banner layout disappears on subsequent page clicks. No marketing scripts will fire, no tracking pixels will load, and your behavioral footprint remains entirely invisible within our advertising dashboards.

6. Native Shopify Server-Side Telemetry

While our custom Cookies.ts module gives you absolute control over client-side script injections (like Meta or TikTok pixels), you explicitly acknowledge that our backend checkout pipeline relies natively on the Shopify Storefront API. Shopify utilizes automated, server-side data tracking strings to securely maintain your anonymous shopping cart tokens and calculate conversion baselines. This processing is executed anonymously and does not build marketing profiles or track your identity across external domains.

7. Data Transmission Security

All browser cookies and analytics meta-layers processed across our headless storefront environments utilize mandatory end-to-end encryption. All network transport requests are forced through secure Hypertext Transfer Protocol Secure (HTTPS) data routes running TLS 1.3 encryption layers. This blocks external malicious parties from sniffing, intercepting, or altering your cookie state logs or preference keys in transit.

8. Manual Browser Controls & Policy Revisions

You maintain full, independent authority over your browser data layers. You can clear your cookies or block local storage nodes at any time through your client browser settings panel. Purging your data layers manually resets our custom layout state, forcing the storefront privacy banner to re-trigger the next time you visit our web store. For specific technical inquiries regarding our cookie variables or code-injection scripts, contact us at hi@bedroomlabs.co.