Sign up

Legal

Cookie Policy

Last updated: 11 May 2026

This policy explains the cookies and similar technologies (local storage, session storage, web push subscriptions) we use, why we use them, and how to control them.

What is a cookie?

A cookie is a small text file a website asks your browser to save. It usually contains an identifier so the site can remember you across page loads — like keeping you signed in or remembering your locale.

Cookies we use

Strictly necessary (cannot be disabled)

  • Authentication session — a secure, http-only cookie identifying your logged-in session. Set by NextAuth when you sign in. Expires when you sign out or after 30 days of inactivity.
  • CSRF token — protects sign-in and form submissions from cross-site request forgery. Cleared on session end.
  • Locale preference (bv_locale) — stores your chosen UI language (English / Te Reo / etc.). Persists across devices.

Functional (default on, can be disabled in browser)

  • Browser session ID (bv_sid in sessionStorage) — used to dedupe featured-placement impression events so the same view doesn't count twice. Cleared when you close the tab.
  • Push subscription — if you opt in to notifications, the browser stores a subscription endpoint and crypto keys locally. You can revoke at any time in your browser's site settings.

Analytics (aggregate, no personal profile)

We use simple server-side analytics on page views (counts and routes only) — no third-party analytics scripts that fingerprint you. We don't use Google Analytics.

Advertising

Pages with ads load Google AdSense, which sets its own cookies for ad delivery, frequency capping, and (depending on your consent and Google's policies) personalisation. You can:

  • Turn off personalised ads at Google Ads Settings.
  • Block Google ad cookies via your browser's privacy controls.

See Google's policy at policies.google.com/technologies/cookies.

Payments

When you make a card payment, Stripe loads its checkout iframe which sets cookies under stripe.com for fraud detection and session management. These are strictly necessary for the payment to work.

Controlling cookies

You can block or delete cookies in your browser:

  • Chrome — Settings → Privacy and security → Cookies
  • Safari — Settings → Privacy → Manage Website Data
  • Firefox — Settings → Privacy & Security → Cookies and Site Data

Blocking strictly-necessary cookies will prevent you from signing in or making bookings. Blocking the rest is generally safe.

Do Not Track

We respect browser-level “Do Not Track” signals where feasible. Since we don't use cross-site tracking analytics, DNT doesn't change much about your experience here, but third-party ad cookies (AdSense) honour their own DNT and Global Privacy Control handling.

Changes

Updates to this policy will be reflected at the top of the page. For major changes we'll show a banner.

Questions? Email legal@badmintonvillage.co.nz or use the contact form.