RailexRaılex

    Cookie Policy

    Last updated: 19 May 2026

    1. About this Policy

    This Cookie Policy explains how Railex ("we") uses cookies and similar technologies (local storage, session storage) when you visit railex.eu (the "Service"). It is issued pursuant to Article 5(3) of Directive 2002/58/EC ("ePrivacy Directive") as transposed in Estonia by the Electronic Communications Act (Elektroonilise side seadus), and to Articles 13 and 14 of the GDPR.

    Visitors located in Italy are additionally covered by Article 122 of the Italian Codice Privacy (D.Lgs. 196/2003 as amended) and by the Garante per la protezione dei dati personali "Linee guida cookie e altri strumenti di tracciamento" of 10 June 2021. Our consent flow is designed to satisfy those national rules as well: no non-essential technology is loaded until you choose, banner buttons carry equal visual weight, and consent can be withdrawn from the "Cookie preferences" link in the footer.

    For broader information on how we process personal data, see our Privacy Policy.

    2. What are cookies and similar technologies

    Cookies are small text files placed on your device by the websites you visit. They are widely used to make websites work, to make them work more efficiently, and to provide information to the site owners.

    Local storage and session storage are similar mechanisms that allow a website to store small amounts of data in your browser. Under the ePrivacy Directive and GDPR, these technologies are treated under the same regime as cookies when used for tracking or storage of user-related data.

    3. Categories we use

    Railex uses strictly necessary storage, a privacy-first cookieless analytics tool (loaded by default), and — only if you grant analytics consent — an optional session-recording tool with input masking for product-improvement research. We do not use advertising cookies, marketing cookies, cross-site trackers, social-network plugins, or device fingerprinting.

    3.1 Strictly necessary (no consent required)

    NameTypePurposeDuration
    sb-*-auth-tokenLocal storage (Supabase)Keep you signed in; refresh session tokensSession / until sign-out
    railex_cookie_consentLocal storageRemember your cookie preferenceUp to 12 months
    railex-themeLocal storageRemember light/dark theme selectionPersistent until cleared
    CSRF / sessionFirst-party cookieProtect authentication flowsSession

    These technologies are necessary to provide the Service you have requested and do not require consent under Article 5(3) of the ePrivacy Directive and Recital 66 of Directive 2009/136/EC.

    3.2 Analytics (privacy-first, cookieless)

    We use Plausible Analytics (Plausible Insights OÜ, Estonia) to measure aggregate usage of the Service. Plausible is designed to be GDPR-compliant by default:

    • It does not use cookies
    • It does not collect personal data
    • It does not fingerprint visitors or use cross-site identifiers
    • IP addresses are processed in-memory to derive country only, then immediately discarded
    • Data is stored within the EU

    Because Plausible does not store information on your device and does not process personal data, its use is based on Railex's legitimate interest (Art. 6(1)(f) GDPR) and does not require prior consent under Estonian and EU law. Nevertheless, for transparency we offer an opt-out via our cookie banner ("Essential only").

    In addition, we collect Core Web Vitals samples (LCP, CLS, INP, TTFB, FCP) via a self-hosted endpoint to monitor performance. These samples contain no identifiers and are aggregated.

    3.3 Optional product-improvement analytics (consent required)

    When you grant the optional "Accept all" consent on the cookie banner, we also load Microsoft Clarity (Microsoft Corporation, USA) for aggregated heatmaps and rage-click detection on the Service. Clarity helps us understand which areas of the interface confuse users so we can fix them. To minimise the privacy impact:

    • Clarity does not load at all unless you opt in via the cookie banner. If you choose "Essential only", no Clarity request is ever made and no Clarity cookie is set.
    • Once loaded, Clarity sets the cookies _clck (persistent, up to 1 year, used to link a recurring visitor to their previous session for aggregate analysis) and _clsk (session-only, removed when you close the tab). These are first-party cookies set on the railex.eu domain. No other Clarity identifier is stored on your device.
    • Input masking is on by default: form fields, password inputs, and any element marked as sensitive are masked client-side before any data leaves your browser.
    • Microsoft retains Clarity data for up to 13 months.
    • Transfer to the United States takes place under the Standard Contractual Clauses (Module 2 — Controller to Processor) attached to Microsoft's Online Services DPA.
    • You can withdraw consent at any time via the "Cookie preferences" link in the footer; on withdrawal the Clarity script is no longer loaded on subsequent page views.

    Legal basis: Article 6(1)(a) GDPR (consent) and Article 5(3) of the ePrivacy Directive (consent for non-essential storage on terminal equipment).

    3.4 Third-party content embedded in the Service

    • Carto basemaps — map tiles for tender and incident maps. Carto receives the tile request URL and your IP as a necessary consequence of the HTTP request; no cookies are set on the Railex domain.
    • Google Sign-In — only if you choose to authenticate via Google. Google sets cookies on its own domain under its own Privacy Policy and Cookie Policy.
    • ipify.org — invoked from the security panel of your account to display your current IP. No cookies set.

    4. How to manage your preferences

    On your first visit a banner is displayed with two options:

    • Accept all — strictly necessary storage plus privacy-first analytics (Plausible), Web Vitals and Microsoft Clarity session insights with input masking
    • Essential only — strictly necessary storage; analytics and Web Vitals disabled

    Your choice is stored in railex_cookie_consent and remembered for up to 12 months, after which the banner is shown again. You can revisit the choice at any time via the Cookie preferences link in the site footer.

    You can also block or delete cookies and clear local storage from your browser settings:

    Note: blocking strictly necessary storage may prevent the Service from functioning correctly (e.g. you will not be able to stay signed in).

    5. Updates

    We may update this Cookie Policy from time to time. The "Last updated" date at the top reflects the version in force. Material changes affecting the categories of cookies or analytics tools used will trigger a new consent request.

    6. Contact

    Questions about this Cookie Policy: info@railex.eu.

    See also: Privacy Policy, Terms of Service.