Legal

Cookie Policy

Last updated: June 10, 2026

This page lists the cookies, similar technologies, and data-collection methods used by Galerist (galerist.photo and its subdomains). The Service primarily relies on strictly necessary session cookies that are exempt from consent under art. 122 of Italian Legislative Decree 196/2003 and the Italian DPA Provision of June 10, 2021. For optional features (session recording for bug-fixing, video quality analytics) that fall within the scope of these rules, we request consent through the banner shown on your first visit.

You can withdraw or change your preferences at any time by clicking “Cookie preferences” in the footer of this page.

1. Strictly necessary cookies (always active)

These cookies are essential for the Service to function and do not require consent.

NamePurposeDuration
sb-wqiujkihjsrdggzepyhv-auth-token
(+ chunk .0, .1, …)
Photographer authentication session (Supabase JWT). Without this cookie the admin area is not accessible.~400 days, renewable
sb-wqiujkihjsrdggzepyhv-auth-token-code-verifierPKCE verification during magic-link / OTP login flows. Temporary.Session
gallery_auth_<code>Keeps the End Client authenticated on a gallery after entering the password.30 days (or session if “password on every visit” is enabled)
gallery_ticket_<code>One-shot ticket consumed by middleware for galleries requiring a password on every visit.Session
sub_gallery_auth_<code>Authenticated access to password-protected sub-galleries.30 days
galerist-proof-sessionAnonymous session UUID for the proofing system (photo selection, annotations). Identifies the client's session during review.90 days
NEXT_LOCALEStores the chosen language (it/en) so it does not need to be set on every visit.1 year
galerist-sidebarAdmin sidebar display preference (expanded/collapsed).1 year
galerist-consentStores the cookie preferences the user expressed in the banner (value: all or necessary).1 year
__cf_bmBot management and protection set by Cloudflare. Considered strictly necessary under the Italian DPA Provision of June 10, 2021.30 minutes

2. Local storage (localStorage / sessionStorage)

These are not HTTP cookies — they are data stored locally in the browser and are never transmitted to our servers.

KeyStorageContent
galerist:favs:<galleryId>localStorageThe client's favourited photos in the gallery lightbox. Stays on the device.
galerist:billinglocalStorageMonthly/annual toggle preference on the pricing page.
gps_proofing_tut_overlaylocalStorageWhether the proofing welcome tutorial has already been viewed.
galerist-upgrade-dismissedsessionStorageWhether the upgrade prompt was dismissed in the current session.

3. Monitoring cookies and technologies (consent required)

The following technologies are activated only with your explicit consent (“Accept all” in the banner).

Sentry (error monitoring + Session Replay)

We use Sentry to detect and diagnose application errors. Error tracking operates on the basis of legitimate interest (art. 6 §1 lit. f GDPR): it is essential for service security and reliability, and data is pseudonymised (sendDefaultPii: false).

Session Replay (recording user interactions to help diagnose bugs) requires your consent. When active, 10% of sessions are recorded; 100% when an error occurs. Recording is handled by scripts from Sentry Inc. (USA; EU data stored in Frankfurt). Data is transmitted to de.sentry.io via an anti-adblock proxy at galerist.photo/monitoring.

Mux Data (video quality analytics)

When videos are played via the Mux player, Mux Data collects playback quality metrics (QoE: buffering, bitrate, startup time) to improve the video experience. These metrics are transmitted to Mux Inc. servers (USA) and may include the visitor's IP address. The player is only used in galleries that contain videos uploaded via Mux. Tracking is disabled without consent.

4. Third-party cookies at checkout

When making a payment you are redirected to checkout.stripe.com or billing.stripe.com (hosted by Stripe). In that environment, Stripe sets its own technical cookies (__stripe_mid, __stripe_sid) for security and fraud prevention. These cookies are set on Stripe's domain, not on galerist.photo, and are governed by Stripe's Privacy Policy.

5. How to manage or disable cookies

Galerist preferences: click “Cookie preferences” in the footer to change or withdraw your consent at any time.

Browser settings: you can disable cookies in your browser settings. Note that without the essential cookies listed above the Service will not be usable (login, password-protected galleries, proofing).

6. Contacts and changes

For any request about cookies email privacy@galerist.photo. We will update this page whenever new cookies or new purposes are introduced. Material changes will be notified with at least 30 days' notice (by email or in-app banner) in accordance with the Terms of Service.

References: art. 122 of Italian Legislative Decree 196/2003 as amended by Legislative Decree 101/2018; Italian DPA Provision of June 10, 2021 “Guidelines on cookies and other tracking tools”; Directive 2002/58/EC (ePrivacy) as amended; art. 6 §1 lit. a and f GDPR 2016/679; California Online Privacy Protection Act (CalOPPA) for California residents.