Cookie Policy
Version 2.0 · Effective 2026-04-20
1. About this Policy
This Cookie Policy explains how Blob Solutions LLC (VCR.AM) uses cookies and similar technologies on the VCR.AM website and service (the "Service"). It is part of our Privacy Policy — read it for full details on how we process personal data.
We keep cookies to a minimum. We do not use advertising cookies, cross-site tracking, or social-media pixels.
2. What is a cookie?
A cookie is a small text file stored by your browser. Cookies let the Service recognise you between visits and keep essential features working (for example, staying signed in). Similar technologies include localStorage, sessionStorage, and pixels; we treat them under this Policy the same way we treat cookies.
Cookies are commonly classified by:
- Duration — session cookies are deleted when you close the browser; persistent cookies last a set period.
- Origin — first-party cookies are set by the domain you are visiting; third-party cookies are set by other domains embedded in the page.
- Purpose — strictly necessary, functional, analytics, or marketing cookies.
3. Cookies we use
3.1. Strictly necessary (no consent required)
These cookies are essential for the Service to work. They are first-party, HTTP-only, marked Secure, and sent only to vcr.am over HTTPS. The Service cannot function without them.
| Name | Purpose | Type | Duration |
|---|---|---|---|
vcr-session | Authenticates your session after sign-in. Set by VCR.AM as HTTP-only, Secure, SameSite=Lax. Cannot be disabled without losing access to the signed-in area. | First-party, session | Until session expiry or sign-out |
3.2. Analytics (consent required in the EEA and UK)
We use aggregated analytics to understand how the Service is used and to improve it. Outside jurisdictions that require a consent banner we enable these by default; where consent is legally required we only set them after you opt in.
Vercel Analytics and Vercel Speed Insights — provided by Vercel Inc. Both are cookieless first-party telemetry: they do not set cookies or use cross-site identifiers. They measure page views, Core Web Vitals, and performance metrics using anonymised hashes derived from the request.
Google Analytics 4 — provided by Google LLC. GA4 is loaded only on our public marketing pages (not inside the authenticated dashboard). IP addresses are truncated before storage.
| Name | Purpose | Type | Duration |
|---|---|---|---|
_ga | Google Analytics — distinguishes users. | Third-party (google-analytics.com) | 2 years |
_ga_<container-id> | Google Analytics 4 — persists session state. Container-id matches our GA property. | Third-party | 2 years |
_gid | Google Analytics — distinguishes users for 24 hours. May be set depending on the GA configuration. | Third-party | 24 hours |
3.3. Functional
We do not currently set functional cookies. The user-interface language is determined by the URL prefix (/en, /ru, /hy), not by a cookie. If this changes we will list the cookies here before turning them on.
3.4. Marketing / advertising
We do not use marketing or advertising cookies. We do not embed Facebook Pixel, Google Ads conversion tags, LinkedIn Insight, TikTok Pixel, or any similar tracker. We do not embed YouTube, Facebook, X (Twitter), or LinkedIn widgets that would set third-party cookies.
4. Other storage we use
Beyond cookies, the Service uses:
localStorage— stores UI preferences (theme, last-used cash register) entirely in your browser. Never sent to our servers.sessionStorage— short-lived UI state cleared when you close the tab.
These items never contain sensitive data and are not used for tracking.
5. Managing cookies
5.1. In your browser
You can block or clear cookies in your browser settings. Blocking vcr-session will prevent you from signing in.
- Chrome — Settings → Privacy and security → Cookies.
- Firefox — Settings → Privacy & Security → Cookies.
- Safari — Preferences → Privacy.
- Edge.
5.2. Opting out of Google Analytics
You can install the official Google Analytics Opt-out Browser Add-on to prevent GA from running on every site you visit.
5.3. Do Not Track
We honour the Sec-GPC (Global Privacy Control) signal where technically possible. We do not currently act on the legacy DNT header because it has been deprecated without a replacement standard.
6. International users
If you are in the EEA, the United Kingdom, or another jurisdiction that requires prior consent for non-essential cookies, we will present a consent choice before setting analytics cookies. Your choice is recorded locally and can be changed at any time from the footer.
7. Changes to this Policy
We may update this Policy when we add, remove, or change cookies. The version and effective date are at the top of the page. Material changes (adding new cookies, changing provider) are also announced by email to account holders.
Changes in this version
- v2.0 — 2026-04-20
- Removed the stale
__Secure-next-auth.*and__Host-next-auth.csrf-tokenentries — next-auth is no longer used. - Added the current first-party session cookie (
vcr-session) with correct attributes (HTTP-only, Secure, SameSite=Lax). - Added Vercel Analytics and Vercel Speed Insights as cookieless telemetry.
- Clarified Google Analytics cookies (
_ga,_ga_<id>,_gid) and that GA4 runs only on public marketing pages. - Removed claims about embeds we do not use (YouTube, Facebook "like", Twitter "tweet this").
- Added a Do Not Track / Global Privacy Control statement.
- Fixed the link to the Privacy Policy (was broken in previous versions).
- Removed the stale
8. Contact
Blob Solutions LLC · Email: support@vcr.am
For full details on how we process personal data, see the Privacy Policy.