Legal information
Cookie-Hinweise
Cookie and tracking rules for the default launch setup: necessary cookies only, no advertising pixels, no cross-site tracking, and no non-essential analytics.
Last updated: 2026-06-15
Draft compliance notice
FromAsia Foods uses only cookies and comparable technologies that are necessary to provide the B2B platform requested by logged-in users. This notice is a launch draft and must be checked against the exact production cookie names before public launch.
No consent banner by default
Under the default setup, the platform does not load non-essential cookies, advertising pixels, cross-site trackers, or third-party analytics. Because only necessary cookies are used, a cookie consent banner is not shown by default. The necessary cookies are still disclosed here for transparency.
If analytics, advertising, heatmaps, session replay, remarketing, or other non-essential technologies are added later, they must be blocked until valid consent is collected. Users must be able to reject consent as easily as they accept it and withdraw consent later.
Allowed necessary cookies
| Name | Provider | Purpose | Retention | Third party | Necessary |
|---|---|---|---|---|---|
| next-auth.session-token or equivalent session cookie | FromAsia Foods | Keeps authenticated users signed in. | Session or configured account session lifetime. | No | Yes |
| next-auth.csrf-token or equivalent CSRF cookie | FromAsia Foods | Protects sign-in and account actions against CSRF attacks. | Session or short technical lifetime. | No | Yes |
| afb-locale | FromAsia Foods | Stores the selected interface language. | Preference lifetime configured by the app. | No | Yes |
| Security, rate-limit, or abuse-prevention cookies | FromAsia Foods or EU/Germany-hosted security provider | Protects the platform against misuse and unauthorized access. | As short as operationally possible. | Only if a reviewed provider is added. | Yes |
| Load-balancer or hosting session cookie, if configured | Production hosting provider to be added | Maintains secure delivery of the requested platform session. | Session or short technical lifetime. | Only if the selected hosting provider requires it. | Yes, if technically required. |
Not used by default
- Google Analytics.
- Meta Pixel, TikTok Pixel, LinkedIn Insight Tag, or other advertising pixels.
- Hotjar, session replay, heatmaps, or behavioural recording tools.
- Remarketing, behavioural advertising, or cross-site user profiles.
- Third-party analytics scripts loaded before consent.
If analytics are added later
The preferred future option is EU-hosted, cookieless, aggregated analytics. If advertising pixels or non-essential analytics are introduced, they must be blocked until valid consent is collected, and users must receive equally easy options to accept, reject, and withdraw consent.
The privacy notice, cookie table, consent records, processor list, and service-provider contracts must be updated before those tools are enabled.
Legal reference
This policy follows the German TDDDG section 25 distinction between necessary technologies and technologies that require consent.