Cookies

Cookie Policy

Last Updated: June 2026

This policy explains how the StoreFront mobile application (“the App”), operated by Sprout Technology Pty Ltd, uses cookies, local storage, and similar technologies.

1. Do We Use Cookies?

StoreFront is a native mobile application, not a website. We do not use traditional browser cookies.

However, like most mobile apps, we use local device storage technologies that serve similar functions. This policy explains what those are and how they work.

2. What We Store on Your Device

2.1 Authentication Tokens (Required)

What Where Why
Access token (JWT) Device encrypted keychain (Expo Secure Store) Keeps you signed in so you don’t need to enter your password every time
Refresh token Device encrypted keychain (Expo Secure Store) Automatically renews your access token when it expires

These tokens are stored in your device’s encrypted keychain (iOS Keychain / Android Keystore), the most secure storage available on mobile devices. They are:

  • Encrypted at the hardware level
  • Not accessible by other apps
  • Automatically cleared when you sign out or delete your account
  • Not transmitted to any third party

2.2 In-Memory Caches (Temporary)

The App uses temporary in-memory caches to improve performance and reduce data usage. These include cached copies of:

  • Your swipe feed items
  • Trending items and brands
  • Brand profiles and analytics
  • Your tag preferences
  • Currency conversion rates
  • Notification data

These caches:

  • Are stored locally on your device (in app memory or local device storage) and remain on your device
  • Are never sent to any external service or third party
  • Contain only copies of data already stored on our servers
  • Are cleared when you clear the App’s data through your device settings or delete your account

2.3 Network Connectivity Check

The App periodically checks your internet connectivity by sending a lightweight request to https://clients3.google.com/generate_204 (a standard connectivity check endpoint operated by Google). This check:

  • Sends no account data, profile information, or identifiers
  • As with any internet request, exposes your device’s IP address to the endpoint operator (Google); we do not send or receive any other information through this check
  • Only determines whether you have an internet connection
  • The result (connected/disconnected) is stored in app memory only
  • Is used solely to show you an offline indicator in the UI

3. Third-Party Technologies

3.1 Supabase Authentication

Our authentication provider (Supabase) manages session tokens on your device. This is limited to the authentication tokens described in Section 2.1 above.

3.2 Expo Push Notifications

If you enable push notifications, the Expo push notification service stores a push token on your device. This token:

  • Is used solely to deliver push notifications to your device
  • Is stored on our server alongside your user ID
  • Is deleted when you sign out, disable notifications, or delete your account

3.3 No Analytics or Advertising Trackers

We do not use:

  • Google Analytics, Firebase Analytics, or any third-party analytics SDK
  • Advertising SDKs or tracking pixels
  • Facebook SDK, Mixpanel, Amplitude, Segment, or similar services
  • Any technology that tracks you across other apps or websites

4. Your Choices

4.1 Managing Stored Data

You can manage the data stored on your device by:

  • Signing out — clears authentication tokens and push notification tokens
  • Clearing app data — through your device settings (Settings > Apps > StoreFront > Clear Data), removes all locally stored data
  • Deleting your account — removes all data from our servers and triggers local cleanup
  • Disabling notifications — through your device settings, prevents push notification token storage

4.2 Essential Storage Only

All local storage used by the App is essential for its operation (authentication, performance caching, connectivity checking). We do not use any optional or non-essential tracking technologies that would require separate consent under ePrivacy regulations.

5. Future Web Version

If we introduce a web-based version of StoreFront, this policy will be updated to include details about browser cookies, including any analytics or functional cookies, consent mechanisms, and cookie management options.

6. Changes to This Policy

We may update this policy from time to time. Changes will be reflected in the “Last Updated” date above.

7. Contact Us

If you have questions about this policy:

Sprout Technology Pty Ltd
Email: hello@sprout.enterprises