Last updated: May 7, 2026
This Cookie Policy explains what cookies and similar storage technologies are set when you use the NAPSPAN websites and what controls you have. It implements our duties under Article 5(3) of Directive 2002/58/EC (ePrivacy Directive), as transposed by EEA member states (e.g. §25 TTDSG / DDG in Germany, the LCEN in France). It complements — but does not replace — the Privacy Policy.
A "cookie" is a small text file that a website asks your browser to store on your device. Similar technologies include local storage, session storage, and IndexedDB. Under EU law, the same consent rules apply to all of them when they are used to store information on, or read information from, your device.
We do not run analytics, advertising, retargeting, social-media, or session-replay scripts. We do not embed third-party marketing pixels. We use cookies and local storage only where they are strictly necessary for the part of the Service you have requested, within the meaning of Article 5(3) of Directive 2002/58/EC. Strictly-necessary storage is exempt from the consent requirement and does not require a banner.
The marketing site (napspan.com and its language sub-paths /de/ and /fr/) sets no cookies of its own and writes no entries to local or session storage from its own scripts. The browser may, of its own accord, cache static assets (CSS, JS, images, fonts) — this is normal HTTP caching, not a cookie.
If you sign in to the developer portal, the following strictly-necessary items are set so that the application works:
localStorage on successful sign-in. Used to authenticate you on subsequent requests. Strictly necessary; expires on sign-out or after the configured idle period.HttpOnly + SameSite=Strict cookie, where used. Prevents cross-site request forgery on state-changing endpoints. Strictly necessary; expires with the session.localStorage. Strictly necessary to deliver the preference you set.The live map is publicly accessible without sign-in. The application may write the following strictly-necessary entries:
localStorage, so that the map opens where you last left itlocalStorage, to remember your language choicelocalStorageMap tiles are served from our infrastructure and from OpenStreetMap-derived tile servers; no tracking cookies are set by these tile requests.
Our pages load the Space Grotesk web font from fonts.googleapis.com and fonts.gstatic.com. When your browser fetches the font file, it transmits its IP address and the requested URL to Google Ireland Limited / Google LLC. Google has stated that fonts requested via the Google Fonts API are not used to identify users. We have evaluated the risk and concluded the disclosure is necessary for legitimate-interest balancing under Article 6(1)(f) GDPR (consistent typography across the site) and that no cookies are set by the font request.
We are reviewing the option of self-hosting the font file to remove this third-country interaction altogether; the font file is small enough that self-hosting is straightforward.
Server access logs (truncated IP, user-agent, request path, timestamp) are not cookies. Their handling and retention are described in Section 2.7 of the Privacy Policy.
You can clear, block, or restrict cookies and storage at any time through your browser settings. Most browsers also offer an "incognito" or "private" mode that limits storage to the duration of the session.
Note: blocking strictly-necessary cookies/storage on the developer portal will prevent sign-in.
We do not run cross-site or behavioural tracking, so the "Do Not Track" header and the Global Privacy Control signal do not change anything on our sites — there is nothing to opt out of.
We will update this page if our use of cookies or similar storage changes materially. The "Last updated" date at the top reflects the most recent revision.
For questions about this Cookie Policy, write to [email protected].