BabyRecallTracker
Cookie Policy
Last updated: 5/5/2026
Controller: Little Shield LLC, 1025 Easton Road #1084, Willow Grove, PA 19090, United States
Contact (privacy): contact@littleshieldllc.com
This Cookie Policy explains how Little Shield LLC ("we", "us") uses cookies and similar technologies on www.babyrecalltracker.com when you visit or use it. It should be read together with our Privacy Policy (https://www.babyrecalltracker.com/privacy).
We process personal data in connection with these technologies as described in our Privacy Policy and in line with the UK GDPR / EU GDPR (as applicable) and national laws implementing the ePrivacy Directive (often referred to as "cookie rules").
1. What are cookies and similar technologies?
Cookies are small text files stored on your device when you visit a website. Similar technologies include, for example, local storage in your browser, pixels, or SDKs that achieve comparable purposes.
Cookies can be first-party (set by us) or third-party (set by a partner whose technology runs on our pages).
2. Legal bases (EU / UK)
Depending on the cookie or technology:
- Strictly necessary cookies/technologies are used where necessary to provide a service you request (for example, to keep you logged in securely, or to complete an OAuth security flow). For these, we rely on GDPR Art. 6(1)(b) (performance of a contract) and/or Art. 6(1)(f) (legitimate interests in secure operation), and national rules that allow them without consent where they are strictly necessary.
- Non-essential cookies/technologies (for example, some analytics or marketing tools) generally require your consent under ePrivacy rules before they are placed or read, unless a narrow exemption applies in your country. Where we use such technologies, we will obtain consent through a consent mechanism, and you may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.
If we only use strictly necessary technologies, we may not need a consent banner, but we still provide this notice for transparency.
3. How to control cookies
- Browser settings: You can block or delete cookies through your browser. If you block strictly necessary cookies, parts of the Service (for example sign-in) may not work.
4. Cookies and technologies we use
The exact names, lifetimes, and parties can change with updates to our software or providers. We will keep this Policy reasonably current.
| Category | Name / technology (examples) | Purpose | Type | Typical duration | Legal basis |
|---|---|---|---|---|---|
| Strictly necessary / security | NextAuth / Auth.js session and security cookies (e.g. session token, CSRF, OAuth state/PKCE where applicable) | Maintain authenticated sessions; protect sign-in and OAuth flows | First-party | Session or as configured (e.g. limited days/weeks) | Contract / legitimate interests (security); strictly necessary where applicable |
| Strictly necessary / security | amazon_dp_pkce (example name) | Short-lived binding for Amazon "connect inbox" OAuth (PKCE) | First-party | Short-lived (cleared after callback) | Strictly necessary for requested integration |
| Strictly necessary / access control | brt_site_access (example name) | Temporary password gate to restrict access to pre-release or staging environments when enabled | First-party | e.g. up to 14 days as configured | Legitimate interests / access control for the Service |
| Functional (device storage) | Browser local storage (e.g. welcome/onboarding dismissed flag) | Remember UI choices on your device | First-party | Until you clear site data or we change keys | Consent or legitimate interests, depending on use |
| Analytics / performance | Vercel Web Analytics (script) | Aggregate usage and performance metrics | Third-party (Vercel) | Per Vercel documentation | Consent if not strictly necessary, or another basis if exempt |
| Analytics / performance | Vercel Speed Insights (script) | Performance / Core Web Vitals style insights | Third-party (Vercel) | Per Vercel documentation | Consent if not strictly necessary |
OAuth providers: When you sign in with Google, Microsoft, or similar, those providers may set their own cookies on their domains during the consent/login pages. We do not control those cookies; see their respective policies.
Payments: If you use Stripe Checkout or similar, Stripe may use cookies or similar technologies on Stripe's pages. See Stripe's cookie/privacy notices when you are on their flow.
5. Retention
Retention depends on the cookie or technology:
- Session / security cookies often expire when you close the browser or after a defined session period.
- Site gate cookies may persist for a limited number of days to avoid repeated prompts.
- PKCE / OAuth helper cookies are typically short-lived and cleared when the flow completes.
For third-party technologies, retention is determined by the provider's documentation and your choices.
6. Transfers outside the UK / EEA
Where third-party providers process data outside the UK or EEA, we rely on appropriate safeguards as described in our Privacy Policy (https://www.babyrecalltracker.com/privacy), (for example, Standard Contractual Clauses and/or adequacy decisions), unless an exception applies.
7. Your rights
Under the GDPR / UK GDPR you may have rights including: access, rectification, erasure, restriction, objection (where applicable), portability, and the right to lodge a complaint with a supervisory authority. Details are in our Privacy Policy (https://www.babyrecalltracker.com/privacy).
For consent-based technologies, you may withdraw consent at any time via your account dashboard or by contacting us at contact@littleshieldllc.com.
8. Changes
We may update this Cookie Policy when we change our use of cookies or technologies. The "Last updated" date will be revised; material changes may be communicated as required by law.
9. Contact
Questions about this Policy: contact@littleshieldllc.com
Supervisory authority (EU): your local authority.