Cookie Policy
This document outlines the cookies and tracking technologies used or planned for use across the BuildBear Labs platform.
This document outlines the cookies and tracking technologies used or planned for use across the BuildBear Labs platform. It is intended as a working reference for legal, product, and engineering teams to evaluate data collection practices against regulatory standards. The overview includes both first-party and third-party cookies, categorized by function (e.g., essential, analytics, marketing), with details on purpose, retention, and whether user consent is required.
By maintaining transparency and precision in how we implement tracking technologies, BuildBear Labs aims to ensure compliance with key privacy frameworks including the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and Singapore’s Personal Data Protection Act (PDPA). This document supports ongoing efforts to align product features with privacy-by-design principles and to give users clear, meaningful control over their data.
Data Access & Withdrawal Procedure
BuildBear Labs is committed to giving users full control over how their data is collected and used. Users can access, correct, or request deletion of any personal data associated with cookie-based tracking by contacting our support team at [email protected]. We aim to respond to all requests within 30 days, in accordance with applicable data protection laws.
Cookies
Essential- Security, session continuity (No consent required)Functional- User preferences (No consent required)Analytics- Usage insights, traffic reporting (Consent required)Marketing- Retargeting, conversion tracking (Consent required)
| Cookie/Service | Purpose | Category | Consent | Retention | Storage |
|---|---|---|---|---|---|
| NextAuth Session | User authentication and session management | Essential | No | Session | First-party (browser) |
| Tawk.to Chat Widget | Enable live chat support and session continuity | Functional | No | 6 months | Third-party (Tawk.to) |
| Node ID (Custom) | Stores user-selected node/network | Essential | No | Session | First-party (browser) |
| Google Analytics | Traffic analysis and user behavior | Analytics | Yes | 14 months (default) | Third-party (Google) |
| Vercel Analytics | Performance monitoring and usage insights | Analytics | Yes | 12 months | Third-party (Vercel) |
Cookie Retention Periods
BuildBear Labs applies strict retention practices for cookies to ensure personal data is only held for as long as necessary to serve its original purpose. Essential cookies are typically session-based and expire when the browser is closed, while analytics and marketing cookies have defined lifespans aligned with industry standards or partner configurations. We regularly review cookie settings to minimize unnecessary data storage and support user expectations of privacy, in line with GDPR, CCPA, and PDPA requirements.
Data Subject Rights Workflow
BuildBear Labs ensures all users can exercise their data rights quickly and without friction. Whether accessing their data, withdrawing consent, or requesting deletion, users can expect a responsive, transparent process handled in accordance with legal response timelines. We treat every privacy request as a core responsibility and have implemented clear support procedures to facilitate user control over their personal information.
Compliance Appendix
GDPR Compliance Summary
BuildBear Labs is committed to upholding the data protection principles outlined in the EU General Data Protection Regulation (GDPR). Our approach ensures that users are informed, empowered to consent granularly, and protected against unnecessary data collection. We actively minimize personal data usage, secure all data transmissions, and maintain transparency across all cookie and tracking technologies. This foundation supports responsible product development while maintaining user trust across Europe.
| Principle | Our Implementation |
|---|---|
| Lawfulness, Fairness, Transparency | All cookies are categorized and described with their purpose. Consent is collected where required. |
| Purpose Limitation | Cookies are only used for specific, clearly stated purposes. |
| Data Minimization | Only essential and purposeful cookies are deployed. |
| Accuracy | No user profiles are created from inaccurate or inferred data. |
| Storage Limitation | Cookie expiration dates are reviewed and aligned with their function. |
| Integrity & Confidentiality | Secure, HTTPS-only cookies are used. No sensitive PII is stored in cookies. |
| Accountability | A consent log is maintained; this document is reviewed quarterly. |
CCPA & CPRA Compliance Summary
In compliance with the California Consumer Privacy Act (CCPA) and its amendment under CPRA, BuildBear Labs provides users with clear rights to access, delete, or opt out of the sale or sharing of their personal information. We respect user autonomy by offering robust cookie controls and maintaining transparency in all data-sharing practices. Our policies are designed to meet California's evolving privacy expectations while fostering a user-centric experience that aligns with regulatory best practices.
| Principle | Our Implementation |
|---|---|
| Do Not Sell/Share Personal Info | No personal information is sold. Retargeting cookies require opt-in. |
| Right to Know/Delete | Users can request their cookie history via our support channel. |
| Granular Consent | Cookie categories (Essential, Analytics, Marketing) can be independently controlled. |
| Notice at Collection | A banner is shown at first visit linking to this overview. |
| Retention | Cookie data is retained for a maximum of 12 months unless renewed by the user. |
Singapore PDPA Compliance Summary
Under the Personal Data Protection Act (PDPA) of Singapore, BuildBear Labs enforces responsible data governance, user notification, and consent-driven tracking practices. Our systems are designed to limit the collection, use, and disclosure of personal data to what is strictly necessary. All third-party services are reviewed for compliance, and data subject rights such as access, correction, and consent withdrawal are honored in a timely and transparent manner.
| Principle | Our Implementation |
|---|---|
| Consent Obligation | Users are informed via a banner and must opt in to non-essential cookies. |
| Purpose Limitation Obligation | Cookies are deployed only for the stated purposes (e.g., analytics, live chat). |
| Notification Obligation | Users are notified about collection, use, and disclosure via our Privacy Policy. |
| Access and Correction | Users can request access to cookie-related data and request corrections. |
| Accuracy Obligation | No profiling or automated decisions are made based on inaccurate cookie data. |
| Protection Obligation | Cookies are secured via HTTPS; no sensitive personal data is stored in cookies. |
| Retention Limitation | Cookie data is automatically purged based on defined expiry policies. |
| Transfer Limitation | Third-party services (e.g., Google Analytics, Tawk.to) are reviewed for PDPA compliance. |