Cookie Policy

Last updated: 17 May 2026

Full Transparency: No Bindi is committed to transparency about the storage technologies it uses. This Policy explains what cookies are, which ones we use, why, and how you can control your preferences, in compliance with the law of Guinea-Bissau, ECOWAS Supplementary Act A/SA.1/01/10, the African Union Malabo Convention, the EU ePrivacy Directive (2002/58/EC) and the GDPR (Regulation (EU) 2016/679).

1. What Are Cookies?

Cookies are small text files that a website places on your device (computer, tablet or mobile phone) when you visit it. Cookies allow the website to remember information about your visit — such as your authentication status or preferences — making browsing more efficient and personalised.

By origin

First-party cookies: Placed directly by No Bindi
Third-party cookies: Placed by external services integrated into the Platform

By duration

Session cookies: Deleted when the browser is closed
Persistent cookies: Stored for a defined period after the browser is closed

2. Technologies We Use

No Bindi uses the following storage technologies depending on the platform used:

Website (www.no-bindi.com)

Uses standard HTTP cookies stored by the browser. Transmitted automatically with each server request. Also uses localStorage for data that does not need to be sent to the server (UI preferences).

Mobile App (iOS and Android)

Uses AsyncStorage — the native persistent local storage solution for React Native. It works similarly to cookies but stores data directly in the device's file system and is not automatically transmitted to the server.

3. Cookie Types and Purposes

No Bindi uses four categories of cookies, with different purposes and consent requirements:

Strictly Necessary

Always Active

Cookies essential to the basic functioning of the Platform. Without them, essential features such as authentication and security are unavailable. They do not require consent and cannot be disabled.

Name	Purpose	Duration
session_token	Authentication and maintaining the active session	60 minutes (renewable)
refresh_token	Secure renewal of the access token	Until logout
locale_pref	Language preference selected by the user	1 year
csrf_token	Protection against CSRF attacks	Session
cookie_consent	Record of consent preferences	1 year

Functional

Requires Consent

Cookies that improve the experience by remembering user choices and preferences. Not strictly necessary, but provide a more personalised experience.

Name	Purpose	Duration
theme_pref	Light/dark theme preference	1 year
onboarding_seen	Record of onboarding tutorial completion	1 year

Analytics

Requires Consent

Allow us to understand how users interact with the Platform so we can continuously improve it. Data collected is anonymised or pseudonymised and is not used to identify users individually.

Name	Purpose	Duration
_vercel_analytics	Aggregated traffic analysis (no personal tracking)	session
session_metrics	Session duration and usage patterns (anonymised)	13 months

Marketing & Advertising

Requires Consent

Used to present more relevant content and listings and to measure the effectiveness of any campaigns. Only activated with the user's express consent.

Name	Purpose	Duration
ad_pref	Content personalisation based on interests	1 year
conv_track	Campaign conversion tracking	90 days

4. Local Storage (AsyncStorage)

In the No Bindi mobile app, we use AsyncStorage — React Native's native local persistent storage solution — to store data on the user's device. This technology is the functional equivalent of cookies in a mobile app context.

Data Stored Locally in the App

Key	Purpose	Duration	Required
auth_session	Access token + basic session data	60 min (renewable)	Yes
refresh_token	Silent session renewal	Until logout	Yes
theme_pref	Light/dark theme preference	Permanent	Functional
locale_pref	Interface language (PT/EN)	Permanent	Functional
onboarding_seen	Record of onboarding tutorial completion	Permanent	Functional
listing_cache	Listing cache for performance	24 hours	Yes
push_token	Expo token for push notifications	Until revoked	Functional

Data stored in AsyncStorage remains on the user's device and is not shared with third parties except as described in the Privacy Policy. Users can clear this data by deleting the app's data in the device settings or by uninstalling the app. Purpose.

5. Third-Party Services

No Bindi integrates third-party services that may store data on the device or process data on external servers. All listed providers are subject to contractual confidentiality and security agreements and operate solely as data processors for No Bindi.

Cloudinary

Essential: Image Storage

All images uploaded to the Platform (listing photos, profile avatars, chat images and Premium payment receipts) are stored in the Cloudinary CDN and image storage service. No tracking cookies are placed. Image URLs are stored in the No Bindi database.

Data processed

Uploaded image files; returned public image URL

Retention

Duration of the account or listing

Email Provider (SMTP / Resend)

Essential: Email Communication

Transactional emails (email verification code, password reset code, account notifications and security alerts) are sent via a configured SMTP email provider or via the Resend service. These providers only have access to the recipient's email address and the content of the sent email.

Data processed

Recipient email address; email content

Retention

Per provider policy (send logs: up to 30 days)

Expo Push Notification Service

Functional: Push Notifications

Push notifications to the mobile app are sent via the Expo Push Notification Service by Expo, Inc. For this purpose, the device push notification token (Expo Push Token — an anonymous device identifier) is stored by No Bindi and transmitted to the Expo service when a notification needs to be sent. Expo has no access to any other personal data of the user.

Data processed

Expo Push Token (anonymous device identifier)

Retention

Until permissions are revoked or account is deleted

Vercel Analytics

Analytics: Privacy-first

For marketing website traffic analysis, we use Vercel Analytics — a solution integrated into the Vercel infrastructure that does not use tracking cookies, does not identify users individually, and collects only aggregated and anonymised data. The data is GDPR-compatible without requiring cookie consent.

Data processed

Aggregated visit data (country, device type, referrer, page) — no identifiable personal data

Retention

Anonymised aggregate data, per Vercel policy

Cloud Infrastructure (Render.com / Neon PostgreSQL)

Essential: Server and Database

Platform data is processed and stored on cloud infrastructure servers (Render.com server; managed PostgreSQL database). These providers act as data processors with restricted access to data for hosting purposes, subject to contractual security and confidentiality obligations, and do not use the data for any other purpose.

Data processed

All Platform data stored in the database

Retention

Per periods defined in the Privacy Policy

6. Legal Basis for Cookies

No Bindi's use of cookies and similar technologies is based on the following legal grounds, in compliance with the EU ePrivacy Directive (2002/58/EC), the GDPR, ECOWAS Supplementary Act A/SA.1/01/10 and the Malabo Convention:

Technical Necessity / Legitimate Interest

Strictly necessary cookies are used on the basis of technical necessity to provide the service expressly requested by the user (authentication, security, session maintenance). These cookies do not require consent, as they are indispensable to the functioning of the Platform.

Express Consent

Functional, analytics and marketing cookies are only used with the user's free, specific, informed and unambiguous consent, obtained through the consent banner displayed on the first visit to the website. Consent can be withdrawn at any time without affecting the lawfulness of prior processing.

For users resident in the European Union, the regime of Directive 2002/58/EC and its national implementations applies, requiring prior consent for non-essential cookies, in conjunction with the consent validity requirements of Article 7 of the GDPR. Notably, users have the right to refuse non-essential cookies as easily as they accept them.

7. Retention Periods

Each cookie or locally stored data item has a defined lifetime, after which it is automatically deleted. The following table summarises the periods by category:

Category	Maximum Period	Deletion
Strictly Necessary	60 min – 1 year	Automatic at end of period or on logout
Functional	1 year	Automatic or manual deletion in settings
Analytics	13 months	Automatic; data anonymised after expiry
Marketing	1 year	Automatic or after consent is withdrawn
AsyncStorage (auth)	60 min – until logout	Logout or app data deletion
AsyncStorage (prefs)	Permanent	Manual deletion or app uninstall

The periods shown are maximums. Session cookies are deleted when the browser or app is closed. Access tokens expire after 60 minutes and are automatically renewed in the background while the user is active.

8. How to Manage Your Preferences

You have the right to control your cookie preferences and to change or withdraw your consent at any time, at no cost and without affecting your ability to use the essential features of the Platform.

8.1 Consent Banner (Website)

On your first visit to the website, a consent banner is displayed allowing you to:

Accept All: Activates all cookie categories;
Essential Only: Activates only strictly necessary cookies;
Customise: Allows you to individually enable or disable each non-essential cookie category.

Preferences are saved in a consent cookie (cookie_consent) lasting 1 year. You can change your preferences at any time by accessing the cookie_consent Cookie Settings in the website footer.

8.2 Management in the Mobile App

In the mobile app, preferences can be managed in:

Settings › Privacy: for personalisation preferences;
Settings › Notifications: to manage push notification permissions;
Device Settings › No Bindi: to revoke permissions at the operating system level.

8.3 Browser Management

You can also manage or block cookies directly in your browser settings (Chrome, Firefox, Safari, Edge, Opera). Disabling essential cookies in the browser may affect Platform functionality, including session maintenance.

8.4 Clearing AsyncStorage (Mobile App)

To clear all data stored locally in the mobile app, you can access the device settings and clear the No Bindi app data, or uninstall the app. Note that this action deletes authentication tokens, requiring a new login.

9. Regional and International Compliance

Guinea-Bissau

This Cookie Policy is drawn up in compliance with the national legislation of the Republic of Guinea-Bissau on electronic communications and data protection in force. No Bindi will apply any specific provisions relating to cookies and tracking technologies that may be adopted.

ECOWAS: Supplementary Act A/SA.1/01/10 (2010)

The ECOWAS Supplementary Act on Personal Data Protection establishes principles applicable to data collection through tracking technologies. No Bindi complies with the principles of limited purpose (cookies used only for the stated purposes), proportionality (only necessary cookies) and transparency (clear information to the user).

African Union: Malabo Convention (2014)

The AU Convention on Cybersecurity and Personal Data Protection requires member states to adopt standards for the protection of citizens' data in the context of online tracking technologies. No Bindi aligns its practices with the principles of the Malabo Convention, particularly the principles of consent, transparency and data subjects' rights.

European Union: For European Diaspora Users

For users resident in the EU, Directive 2002/58/EC (ePrivacy Directive) and its national transpositions apply, requiring prior consent for non-essential cookies, as well as the GDPR regarding the validity and management of consent. No Bindi ensures that European users can refuse non-essential cookies as easily as they accept them, and that consent can be withdrawn at any time.

10. Changes to This Policy

No Bindi may update this Cookie Policy to reflect changes in the services used, storage practices or legal requirements.

In the event of material changes — in particular the addition of new third-party services that use cookies — the user will be notified via a new consent banner or in-app notification, and asked to confirm or review their preferences.

The updated version of this Policy will always be published on this page with the date of the last update. We recommend that users consult it periodically.

11. Contact

For questions about cookies or to exercise your privacy rights:

Privacy & Cookies

[email protected]

Cookie and privacy queries: response within 30 days

General Support

[email protected]

General queries: response within 24–48 business hours

Address

No Bindi — Bissau, Republic of Guinea-Bissau

You also have the right to lodge a complaint with the competent data protection authority in your jurisdiction of residence, without needing to contact No Bindi first.