Cookie Policy

This Cookie Policy explains how Crowdify Pty Ltd (ABN 47 692 719 305) uses cookies and similar technologies (browser local storage, session storage, mobile-app identifiers, device fingerprints) on the Crowdify website and mobile applications. It supplements the Crowdify Privacy Policy, which sets out our broader data handling practices.

A "cookie" is a small text file that a website stores on your device. Cookies let websites remember you, keep you logged in, save your preferences, and understand how the site is used. We also use technologies that behave like cookies (such as local storage and session storage), which we refer to collectively as "cookies and similar technologies" in the rest of this Policy.

Strictly necessary cookies — always on. Without these, the Platform cannot function.
• Supabase session cookies — keep you logged in
• CSRF / anti-forgery tokens — protect form submissions and API requests
• Sidebar / layout state — remembers whether the sidebar is open or collapsed (purely UI)
• Cookie-consent state — remembers your choice on the cookie banner

Functional cookies — improve your experience. Always on for logged-in Users; optional for guests.
• Display preferences (e.g. category filters, "Near me" toggle)
• Language and locale settings
• Recently viewed Events

Analytics cookies — optional; only used if you accept analytics on the cookie banner.
• PostHog page-view and event analytics, used to understand which features are useful and where users get stuck
• PostHog does not run session replay, does not record passwords or card data, and is configured to mask any form input fields
• PostHog identifiers are pseudonymous and are deleted within 30 days of Account deletion

Anti-fraud — always on as a security measure (cannot be disabled).
• FingerprintJS Pro device fingerprint ("visitor ID") used to detect duplicate accounts, multi-account fraud, and self-funding of Crowdfunded Events
• The visitor ID is a pseudonymous identifier; we treat it as personal information and apply the protections set out in the Privacy Policy

Advertising cookies — not used.
• Crowdify does not currently use any third-party advertising cookies, retargeting pixels, or behavioural advertising. If this changes, we will update this Policy and re-prompt for consent.

Our iOS and Android applications use device identifiers and local storage instead of browser cookies, but the purposes are the same:
• authentication session tokens (Supabase Auth)
• user preferences (UI state, language, region)
• push-notification tokens (where you have granted permission)
• device fingerprint (FingerprintJS Pro, for fraud prevention)
• product analytics (PostHog, where you have consented)
• crash reports and performance telemetry

The Crowdify iOS app ships with a Privacy Manifest (per Apple's requirements from May 2024 onwards) declaring all data types collected and required-reason API usage. The Crowdify Android app discloses the same data in the Google Play Data Safety form.

On first visit to the website, we show a cookie consent banner that lets you accept analytics, decline analytics, or open Settings to configure your choices individually. Strictly-necessary and functional cookies are always on because the Platform cannot function without them.

You can change your choices at any time by clicking "Cookie Settings" in the footer. Your choice is stored in your browser; if you clear browser data, the banner will appear again.

Your browser also lets you block or delete cookies at the operating-system level. Blocking strictly-necessary cookies will prevent the Platform from working correctly.

On mobile devices, you can:
• disable push notifications from your device's OS settings
• withdraw location permission from your device's OS settings
• fine-tune analytics consent in the in-app Privacy settings

Anti-fraud measures cannot be turned off (this is a security necessity and a lawful basis under APP 6 / our legitimate interest). We do not use the visitor ID for any purpose other than fraud prevention.

The Platform integrates with a small number of third-party services. Each of these may set its own cookies or storage when its functionality is loaded. The full list is in the Crowdify Subprocessor List (https://crowdify.com.au/subprocessors), and the most important ones for cookie purposes are:

• Stripe — sets cookies on the Stripe Elements / Stripe Checkout iframes for payment processing and fraud detection. Stripe's cookie policy is at https://stripe.com/cookies-policy/legal.
• PostHog — analytics cookies (only with consent). See https://posthog.com/privacy.
• FingerprintJS Pro — anti-fraud (always on). See https://fingerprint.com/privacy/.

We do not control third-party cookies. Their use is governed by the relevant third-party's own privacy and cookie policies.

We may update this Cookie Policy from time to time. Material changes (for example, adding a new category of cookies, or starting to use advertising cookies) will be notified by an updated cookie banner and an in-app notice. The "Last Updated" date at the top of this Policy is revised on every change.

For questions about this Policy or about cookies on the Platform:
Email: privacy@crowdify.com.au

Crowdify Pty Ltd
ABN 47 692 719 305