Menu
Last updated 16-06-2026
This Cookie Policy explains how BLLOOG uses cookies and similar technologies on its website and in its applications, and how you can control them. It is the document referred to as the “cookie principles” in our Principles of Processing and Protection of Personal Data (the “Privacy Policy”) available at https://www.blloog.com/policies/privacy-policy , and it must be read together with the Privacy Policy, which describes the processing of personal data, your rights and our service providers in detail.
This Policy is issued by BLLOOG, s.r.o. , with its registered office at Velehradská 1735/28, Vinohrady, 130 00 Prague 3, IČ: 19303378, registered in the Commercial Register maintained by the Municipal Court in Prague, file No. 384441 (“BLLOOG” or “we”). It covers the website https://www.blloog.com/ and its sub-pages, the BLLOOG web application, and — to the extent described in section 6 — the BLLOOG mobile applications. You may contact us about this Policy at contact@blloog.com or via the Data Protection Officer identified in the Privacy Policy.
Cookies are small text files that a website stores in your browser or device when you visit it. They can be “first-party” (set by us) or “third-party” (set by our service providers), and “session” cookies (deleted when you close the browser) or “persistent” cookies (stored for a set period). In this Policy, “cookies” also covers similar technologies that store or read information on your device, such as localStorage and sessionStorage, pixels and tags, and software development kits (SDKs) in our mobile applications.
The use of cookies is governed by Section 89(3) of Act No. 127/2005 Coll., on Electronic Communications, which has provided for an opt-in (consent-based) regime in the Czech Republic since 1 January 2022, and — where cookies involve the processing of personal data — by Regulation (EU) 2016/679 (the “GDPR”).
This means that we may store cookies on your device, or read them, only with your prior consent. The only exception is strictly necessary (technical) cookies — those required for the transmission of communications or for providing a service you have explicitly requested (for example keeping you logged in, securing the platform, or processing a payment). These are used without consent; the legal basis for any related processing of personal data is the performance of a contract or our legitimate interest in the security and functioning of the platform (Article 6(1)(b) and (f) GDPR). All other categories — functional, analytics and marketing cookies — are used only on the basis of your consent (Article 6(1)(a) GDPR), given through the cookie banner.
On your first visit, a cookie banner allows you to accept all cookies, reject all non-essential cookies, or make a granular choice per category. Until you make a choice, only strictly necessary cookies are used. [Ensure the consent tool offers a “Reject all” option at the first layer with the same prominence as “Accept all” — this reflects the enforcement practice of the Czech Office for Personal Data Protection.]
You can change or withdraw your consent at any time, with effect for the future, via the [“Cookie settings” link in the footer of the website / in the application settings] . Withdrawing consent is as easy as giving it and does not affect the lawfulness of the use of cookies before withdrawal. Your consent (or refusal) is stored for [12 months] , after which we will ask you again; if you have refused, we will not display the banner again for at least [6 months] . The use of the platform is not conditional on consent to non-essential cookies.
The lists below are current as of [date — verify the names, providers and durations against an up-to-date cookie scan / the export from your consent-management tool before publication] . An always up-to-date list is available in the cookie settings referred to in section 4.
a) Strictly necessary cookies (no consent required)
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| [sb-…-auth-token] | BLLOOG (issued via Supabase) | Authentication of the logged-in user and maintaining the session | [Session / until logout] |
| [XSRF-TOKEN] | BLLOOG | Security — protection against cross-site request forgery | Session |
| [blloog_consent] | BLLOOG | Stores your cookie consent choices | [12 months] |
| __stripe_mid | Stripe | Fraud prevention and security of payments | 1 year |
| __stripe_sid | Stripe | Fraud prevention and security of payments | 30 minutes |
b) Functional cookies (consent required)
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| [lang / ui_prefs] | BLLOOG | Remembers your language and interface preferences | [12 months] |
| NID [and related Google cookies] | Display of embedded interactive maps [loaded only after consent / on your interaction with the map] | 6 months |
c) Analytics cookies (consent required)
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| _ga | Google Analytics | Distinguishes users for aggregated traffic and usage statistics | 2 years |
| _ga_ [container ID] | Google Analytics | Maintains session state for statistics | 2 years |
| [_ALGOLIA] | Algolia | Anonymous search analytics used to improve search results | [6 months] |
d) Marketing cookies (consent required)
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| _fbp | Meta | [Meta Pixel — measurement and targeting of advertising; include only if the Meta Pixel is actually deployed] | 3 months |
| _fbc | Meta | [Stores the click identifier from Meta advertisements — include only if used] | 3 months |
[Add or remove rows in all four tables according to the cookie scan — e.g. Google Sign-In cookies if social login is used, or OneSignal web-push storage if web push notifications are enabled.]
The BLLOOG mobile applications do not use browser cookies, but they include SDKs of our service providers that may store or read information on your device for the same categories of purposes: [Firebase (analytics, crash reporting), the OneSignal SDK (push notifications), the Meta SDK — adjust to the SDKs actually integrated] . Push notifications and the related device tokens are described in section 3(f) of the Privacy Policy and can be disabled at any time in the settings of your device or of the application.
Where an SDK would access advertising identifiers or track you across other companies’ apps, this happens only with your consent — on iOS through the App Tracking Transparency prompt, and on Android you can manage or reset the advertising ID in the system settings (Settings → Privacy → Ads). Analytics and marketing SDK functions can be switched off in [the in-app privacy settings] .
Cookies marked above as provided by Google, Stripe, Meta or Algolia involve the transfer of data to those providers, which may process it also in the United States. The identity of these providers, their roles and the safeguards used for transfers outside the EU/EEA (the EU–U.S. Data Privacy Framework and/or Standard Contractual Clauses) are described in sections 6 and 7 of the Privacy Policy. Further information is available in the providers’ own policies: Google (policies.google.com/privacy), Stripe (stripe.com/privacy), Meta (facebook.com/privacy/policy), Algolia (algolia.com/policies/privacy) and Supabase (supabase.com/privacy).
In addition to the cookie settings under section 4, you can manage or delete cookies directly in your browser:
You can also use the Google Analytics opt-out add-on (tools.google.com/dlpage/gaoptout) or manage interest-based advertising at youronlinechoices.eu. Please note that blocking strictly necessary cookies in the browser may prevent core functions of the platform — such as logging in or completing a payment — from working.
Where cookies involve the processing of your personal data, you have the rights described in section 10 of the Privacy Policy (in particular the rights of access, erasure, objection and the right to withdraw consent, Articles 15 to 22 GDPR). You may exercise them at contact@blloog.com or via the Data Protection Officer, and you may lodge a complaint with the Office for Personal Data Protection (Úřad pro ochranu osobních údajů, www.uoou.gov.cz), whose full contact details are set out in the Privacy Policy.
We may update this Policy from time to time, in particular when the cookies or providers we use change. The current version is always available at https://www.blloog.com/policies/cookie-policy ; material changes will be notified via the cookie banner or within the platform, and where a new purpose requires consent, we will ask for it.
This Policy is valid and effective from 16 June 2026 .
