Cookie Policy

Last updated: 9 June 2026

The short version: this site sets zero cookies. Not for analytics, not for ads, not for consent banners. What we do store in your browser is listed below, in full — and all of it exists so the product works, not to follow you around.

Cookies, and the other kinds of browser storage

"Cookie policy" is the familiar name, but cookies are only one way a website can keep things on your device. The UK's privacy rules (PECR) cover them all — anything stored on or read from your browser, including local storage, IndexedDB databases and offline caches. So this page lists everything we touch, not just cookies. BlueWave happens to use no cookies at all: signing in, themes and offline working all run on browser storage instead.

What this site stores

Everyone

KeyWhat it doesHow long
bluewave-themeRemembers your light/dark choice — only set if you use the theme toggleUntil you clear site data
bw.consentRemembers that you dismissed our cookie notice (arrives with our cookie notice, in development)Until you clear site data

Signed-in office users

KeyWhat it doesHow long
bw.access_token, bw.refresh_token, bw.token_expiryKeeps you signed inUntil you sign out, or they expire
bw.emailPre-fills your email at sign-inUntil you clear site data
bw.table, bw.dashboard.engineersRemembers your column layout and dashboard filtersUntil you clear site data

Engineer app

StorageWhat it doesHow long
bw.pwa.* keysSign-in session, unsent draft notes, and a flag that you've seen the introSession until sign-out; drafts until they sync
IndexedDB databaseYour assigned jobs, their forms, and an outbox of changes made offline — so the app keeps working with no signalWhile you're signed in; cleared with site data
Service-worker cacheThe app's own files (screens, styles) so it starts offlineManaged by the browser; replaced when the app updates

Everything above is strictly necessary — UK rules don't require consent for storage that exists purely to deliver the service you asked for. Nothing in these tables identifies you to a third party or tracks you across the web.

Analytics — cookieless, by design

Our site analytics counts pageviews and page-level events in aggregate. It sets nothing on your device and reads nothing from it — no cookie, no fingerprint stored, no identifier. [pending Q8 — provider to be named and the zero-storage claim confirmed before launch]

That's also why you don't see a consent banner here: the consent rules apply to tools that store or access information on your device, and ours doesn't. We owe you transparency instead — which is this page.

⚠ For review: The no-banner position rests on two things a DPO must confirm before launch: (1) the chosen analytics tool genuinely sets/reads nothing on the device (§18 Q8), and (2) the wording above against ICO storage-and- access guidance as in force after the 5 February 2026 rule changes.

How to control browser storage

Your browser can list, block or delete everything described here — look for "site data" or "cookies and site data" in its settings. One honest warning for engineers: clearing site data for this origin while you have unsynced offline work will delete those drafts. Sync first.

If we ever add tracking

If we ever introduce a tool that does store something non-essential on your device — a marketing tag, say — we'll put a real opt-in banner in front of it first: granular choices, nothing pre-ticked, and "reject" as easy as "accept". This page will change at the same time. No silent additions.

Changes

When this policy changes, we'll update it here and change the date at the top. Material changes get flagged to account holders by email.