Cookie Policy

Effective: June 2, 2026

This policy explains what cookies are, which ones we use on Premia (premia.vip) and the portals we operate for our restaurant customers, and how you can control them. It forms part of our privacy policy — if there is a conflict, this policy governs cookies and the privacy policy governs everything else.

1. What cookies are

A cookie is a small text file the browser saves when you visit a website. We use them to remember your session, your preferences, and to measure how the site behaves. Some cookies are ours (first-party); others come from services we use to operate the platform (third-party).

2. Cookies we use

2.1 Strictly necessary

Without these, the application does not work. You cannot disable them here; you would have to block them in your browser, accepting that the site will stop working.

  • sb_member_session — end-customer session (when you sign in via OTP over WhatsApp/SMS). HttpOnly, Secure, SameSite=Lax. Expires in 30 days or when you sign out.
  • sb-<ref>-auth-token — operator session (restaurant dashboard). Issued by Supabase Auth.
  • gfa-locale — remembers your language (es / en) so we serve you the correct version of the site.

2.2 Preferences

These improve your experience but are not essential. If you reject them, the site keeps working with default values.

  • gfa-consent — saves your choice in the cookie banner so we do not ask again every visit.
  • gfa-theme — the visual theme of the restaurant you last visited.

2.3 Analytics (opt-in)

These only activate if you accept them in the banner. They help us understand which pages customers and operators use so we can prioritize improvements. Aggregate data; they do not identify the person.

  • Sentry — captures frontend errors so we can fix them. If enabled by the restaurant operator, it collects browser name, operating system, page path, and the error stack trace. It does not collect the content of form fields.

2.4 Marketing / advertising

We do not use any. Premia does not sell ad space or share data with retargeting networks. Points and rewards are the only “currency” in the system.

3. Third-party cookies

Some providers we use to make the platform work may set their own cookies:

  • Supabase (auth) — operator session, JWT.
  • Vercel (hosting) — operational cookies for load balancing and caching.
  • Twilio (WhatsApp/SMS) — does not set cookies on our domain; the whole integration is server-side.

4. How to control cookies

You have three ways:

  • Cookie banner on your first visit — you can accept all, only the necessary ones, or open “customize” to choose by category.
  • Browser — every modern browser lets you view, block, or delete cookies per site. Search for “cookies” in the settings of Chrome, Safari, Firefox, or Edge.
  • Incognito mode — opens a window without persistent cookies. Useful for testing.

If you block strictly necessary cookies, the site may stop working (you will not be able to sign in, for example).

5. Changes to this policy

We will update this page if we change the cookies we use. The effective date above reflects the last update. Material changes are also notified in the operator dashboard and, where applicable, via WhatsApp.

6. Contact

Questions? Write to us at privacy@premia.vip.

Cookie Policy — Premia · Premia