Cookie Policy
1. Introduction
This Cookie Policy explains how BLEND uses cookies and similar technologies on the website at blendapp.ge and, where applicable, in our mobile application. It forms part of our Privacy Policy and should be read alongside it.
In short: the BLEND website does not use Google Analytics, advertising, or cross-site tracking cookies. We rely on cookieless, server-side analytics, and set only a small number of strictly-essential and (optional) functional first-party cookies where you use interactive features such as signing in.
2. What Are Cookies & Similar Technologies
Cookies are small text files stored on your device when you visit a website, used to make sites work efficiently and remember your preferences. Session cookies are deleted when you close your browser; persistent cookies remain for a set period. First-party cookies are set by BLEND; third-party cookies are set by integrated services.
We also use similar technologies, including browser local and session storage (data kept on your device, not sent with every request) and, in the mobile app, third-party SDK identifiers (such as Firebase). References to “cookies” below include these technologies where relevant.
3. Categories of Cookies We Use
Strictly essential
Necessary for the site to function and kept to a minimum — maintaining an authenticated session when you sign in, CSRF security protection, and remembering your cookie-consent choice. These are placed on the basis of our legitimate interest in a secure, functional site and do not require consent.
Functional
Not strictly necessary but improve your experience — for example, remembering your language or interface preferences. Placed only with your consent; you can use the site without them.
Analytics & performance
We use cookieless, server-side analytics (see Section 5) and do not place Google Analytics or any analytics cookies on the website.
Marketing & advertising
BLEND does not use marketing or advertising cookies and does not share user data with advertising networks for targeted third-party advertising. If this ever changes, we will update this Policy with at least 30 days’ notice and seek consent where required.
4. Cookies We Set
The public website is effectively cookieless. The following first-party cookies may be set only where you use interactive or signed-in BLEND services:
Strictly essential
- blend_session — maintains your authenticated session; session-only (cleared on logout/browser close).
- blend_csrf — cross-site request forgery (CSRF) protection; session-only.
- blend_cookie_consent — remembers your cookie-consent choice so we don’t ask on every visit; persistent, up to 12 months.
Functional (consent-based)
- blend_lang — remembers your language/region preference; persistent, up to 12 months.
- blend_ui_prefs — remembers interface preferences (e.g. dismissed banners); persistent, up to 6 months.
5. Analytics (Cookieless)
Our website analytics are provided by Cloudflare, measured at Cloudflare’s edge from request metadata. This measurement is cookieless — it sets no cookies on your device, runs no tracking script that identifies you, and does not perform cross-site tracking. It is used only to understand aggregate traffic and performance and to keep the site reliable.
We do not use Google Analytics on the website. Aggregate, anonymised analytics within the mobile app are handled by Firebase (see Section 7).
6. Local & Session Storage
BLEND may use browser local and session storage to cache authentication tokens issued by Firebase Authentication (to keep you signed in without repeated server round-trips), store temporary application state, and improve performance. We do not store sensitive personal data in local storage, and where technically feasible authentication state is managed using HttpOnly cookies to reduce exposure to JavaScript-based attacks.
7. Mobile App — Firebase SDKs
Our mobile app does not use browser cookies. It uses Firebase SDKs from Google LLC that serve similar functions:
- Firebase Authentication — sign-in and secure session management (authentication tokens, user identifier, device tokens).
- Firebase Analytics — aggregate, anonymised usage data (screen views, non-identifying engagement events, app instance identifier).
- Firebase Cloud Messaging — delivery of push notifications (device-level registration token).
- Firebase Crashlytics — crash reporting and stability (crash logs, device model, OS and app version; no personally identifiable data).
You can limit mobile analytics via your device settings (iOS: Settings › Privacy & Security › Tracking; Android: Ads settings). BLEND does not use device advertising identifiers for behavioural advertising.
8. Your Choices & Consent
Where we use non-essential (functional) cookies, you can accept or decline them, and withdraw consent at any time — via a “Cookie Preferences” link in the footer, by clearing cookies in your browser, or by contacting security@blendapp.ge. Strictly essential cookies cannot be disabled, as they are required for the site to function. Withdrawing consent does not affect processing carried out before withdrawal.
You can also control cookies directly in your browser settings (Chrome, Firefox, Safari, Edge, Opera all allow blocking or deleting cookies). Disabling essential or functional cookies may affect how parts of the site work.
9. Cookie Security
Cookies we set directly use appropriate protections: the HttpOnly flag on authentication/session cookies (so they cannot be read by JavaScript, mitigating XSS), the Secure flag (transmitted only over HTTPS), the SameSite attribute (Strict/Lax, for CSRF protection), and data minimisation — cookies contain only what is necessary, never sensitive personal data.
10. Data Transfers
Firebase (Google LLC), used in the mobile app, is established in the United States; data may be transferred there under Standard Contractual Clauses and other GDPR Chapter V mechanisms. Cloudflare provides cookieless edge analytics. First-party data processed by BLEND may be stored in Georgia; EU/EEA transfers rely on Standard Contractual Clauses where applicable, as described in our Privacy Policy.
11. Cookies & Children
BLEND is not intended for individuals under 16, and we do not knowingly place analytics or functional cookies on the devices of persons under 16. If you believe a person under 16 is using BLEND, contact security@blendapp.ge.
12. Record of Consent
Where we rely on your consent for non-essential cookies, we keep a record of the date and time of consent, the version of the notice shown, and the categories accepted. This is stored in the blend_cookie_consent cookie and/or our server-side log, used only to demonstrate compliance, and retained for up to 13 months, after which renewed consent is sought.
13. Changes to This Policy
We may update this Cookie Policy to reflect changes in the technologies we use, the law, or our website. The “Last updated” date reflects the latest version, and for material changes we will refresh the consent notice and, where significant, give advance notice by email or in-app notification.
14. Contact
For questions about this Cookie Policy or our use of cookies and similar technologies, contact:
- Email: security@blendapp.ge
- Website: blendapp.ge
- Address: Apesanteur LLC (შპს „აპესანტირ“), Tbilisi, Georgia