Legal
Cookie Policy
Effective 2026-05-04
Our approach
We limit cookie usage to what is strictly necessary for the site to function and for dashboard authentication. No advertising cookies, no third-party tracking, no analytics (Google Analytics, Meta Pixel, etc.).
Full cookie inventory
| Cookie | Purpose | Duration | Type |
|---|---|---|---|
| sa_locale | Remembers the regional version chosen by the user to avoid re-suggesting the redirect on each visit. | 30 days | Essential — functionality |
| scanaccess_consent | Confirms that the user has seen and accepted the cookie banner — prevents it from showing again. | 1 year | Essential — compliance |
| sa_access / sa_refresh / sa_csrf | Session cookies for authenticated dashboard users. Short-lived JWT + refresh token. | Session (refresh: 7 days) | Essential — authentication |
How to refuse or delete cookies
- Essential cookies cannot be refused without breaking site functionality (region, authentication). They are never used for marketing or profiling.
- You can delete these cookies at any time from your browser settings. The consent banner will reappear on your next visit.
- To exercise your GDPR rights (access, deletion, portability) on data tied to your account, contact privacy@scan-access.com.
Third-party processors that may set their own cookies
When you use the authenticated dashboard, the following third-party services may set their own cookies as part of the features you access:
Stripe — only during a payment, for fraud prevention. Policy: stripe.com/cookie-settings.