Cookie Policy
Last updated: 9 June 2026
The short version: this site sets zero cookies. Not for analytics, not for ads, not for consent banners. What we do store in your browser is listed below, in full — and all of it exists so the product works, not to follow you around.
Cookies, and the other kinds of browser storage
"Cookie policy" is the familiar name, but cookies are only one way a website can keep things on your device. The UK's privacy rules (PECR) cover them all — anything stored on or read from your browser, including local storage, IndexedDB databases and offline caches. So this page lists everything we touch, not just cookies. BlueWave happens to use no cookies at all: signing in, themes and offline working all run on browser storage instead.
What this site stores
Everyone
| Key | What it does | How long |
|---|---|---|
bluewave-theme | Remembers your light/dark choice — only set if you use the theme toggle | Until you clear site data |
bw.consent | Remembers that you dismissed our cookie notice (arrives with our cookie notice, in development) | Until you clear site data |
Signed-in office users
| Key | What it does | How long |
|---|---|---|
bw.access_token, bw.refresh_token, bw.token_expiry | Keeps you signed in | Until you sign out, or they expire |
bw.email | Pre-fills your email at sign-in | Until you clear site data |
bw.table, bw.dashboard.engineers | Remembers your column layout and dashboard filters | Until you clear site data |
Engineer app
| Storage | What it does | How long |
|---|---|---|
bw.pwa.* keys | Sign-in session, unsent draft notes, and a flag that you've seen the intro | Session until sign-out; drafts until they sync |
| IndexedDB database | Your assigned jobs, their forms, and an outbox of changes made offline — so the app keeps working with no signal | While you're signed in; cleared with site data |
| Service-worker cache | The app's own files (screens, styles) so it starts offline | Managed by the browser; replaced when the app updates |
Everything above is strictly necessary — UK rules don't require consent for storage that exists purely to deliver the service you asked for. Nothing in these tables identifies you to a third party or tracks you across the web.
Analytics — cookieless, by design
Our site analytics counts pageviews and page-level events in aggregate. It sets nothing on your device and reads nothing from it — no cookie, no fingerprint stored, no identifier. [pending Q8 — provider to be named and the zero-storage claim confirmed before launch]
That's also why you don't see a consent banner here: the consent rules apply to tools that store or access information on your device, and ours doesn't. We owe you transparency instead — which is this page.
⚠ For review: The no-banner position rests on two things a DPO must confirm before launch: (1) the chosen analytics tool genuinely sets/reads nothing on the device (§18 Q8), and (2) the wording above against ICO storage-and- access guidance as in force after the 5 February 2026 rule changes.
How to control browser storage
Your browser can list, block or delete everything described here — look for "site data" or "cookies and site data" in its settings. One honest warning for engineers: clearing site data for this origin while you have unsynced offline work will delete those drafts. Sync first.
If we ever add tracking
If we ever introduce a tool that does store something non-essential on your device — a marketing tag, say — we'll put a real opt-in banner in front of it first: granular choices, nothing pre-ticked, and "reject" as easy as "accept". This page will change at the same time. No silent additions.
Changes
When this policy changes, we'll update it here and change the date at the top. Material changes get flagged to account holders by email.