Cookie Policy

Last updated: April 2026
Version: 2026.04
Controller: Mind the Journey
Email: privacy@mindthejourney.com

1. What Cookies Are

Cookies are small text files that websites store on your device (computer, smartphone, tablet) when you visit them. They are used to:

Remember your preferences (language, theme)
Keep a session active (login)
Analyze how users interact with the site
Personalize content and advertising

Mind the Journey also uses localStorage, a technology similar to cookies but with greater storage capacity, to store preferences and consent choices.

2. Types of Cookies Used

2.1 Technical Cookies (Always Active)

These cookies are essential for the operation of the site and do not require your explicit consent under applicable rules (Art. 122 Italian Privacy Code and guidance from the Italian Data Protection Authority).

Cookie Name	Purpose	Duration	Type
`mtj_consent`	Stores your cookie preferences (accepted/rejected)	12 months	localStorage
`mtj_anon_id`	Random anonymous ID for internal statistics (does not identify you)	Persistent	localStorage
`mtj_language`	Selected language (Italian or English)	Persistent	localStorage
`mtj_legal_notice_seen`	Tracks whether you already viewed the legal notice	Persistent	localStorage

Legal basis: Technical necessity (Art. 6(1)(b) GDPR)
Deletion: Automatic at expiry or manually through browser settings

Note on localStorage:
localStorage is treated as a "technical cookie" when it is used for essential functions such as storing consent. Data is stored locally on your device and is not automatically transmitted to our servers.

2.2 Analytics Cookies (Optional - Consent Required)

These cookies collect aggregate and anonymous information about how users interact with the site (most visited pages, time on page, navigation paths).

Google Analytics 4 (if used)

Cookie Name	Purpose	Duration	Type
`_ga`	Distinguishes unique users anonymously	2 years	HTTP Cookie
`_gid`	Distinguishes users for 24 hours	24 hours	HTTP Cookie
`_gat_gtag_UA_*`	Limits request frequency	1 minute	HTTP Cookie

Provider: Google LLC (USA)
Privacy Policy: https://policies.google.com/privacy
Opt-out: https://tools.google.com/dlpage/gaoptout
Data transfer: USA (protected by Standard Contractual Clauses)

Collected data:

Visited pages (URL, title)
Session duration
Traffic source (for example Google, social, direct)
Device and browser (type, version, resolution)
NO directly identifiable personal data (names, email addresses, street addresses)

Plausible Analytics (privacy-friendly alternative)

If we use Plausible instead of Google Analytics:

Cookies: None
Method: Fully anonymous tracking without cookies
Collected data: Aggregate statistics only (pageviews, duration, referrer)
Location: EU servers (Germany)
Privacy by Design: GDPR compliant without cookies according to common privacy-oriented interpretations
Open source: Verifiable source code on GitHub

Note: Even if Plausible is privacy-friendly, we still keep explicit consent for maximum transparency.

2.3 Functional Cookies (Optional - Consent Required)

These cookies improve the user experience by storing personalized preferences.

Cookie Name	Purpose	Duration	Type
`mtj_theme_preference`	Preferred visual theme (BorderScapes, Wild Realms, etc.)	24 months	localStorage
`mtj_saved_destinations`	Locations added to favorites (ID list)	24 months	localStorage
`mtj_map_filters`	Filters applied on the globe (selected categories)	24 months	localStorage
`mtj_globe_view`	Last globe view (zoom, rotation, theme)	6 months	localStorage

Note: These cookies are active only when account and favorites features are available.

2.4 Third-Party Cookies

Mapbox (if used for 2D maps)

Cookie Name	Purpose	Duration	Provider
`mapbox`	Stores map display preferences	1 year	Mapbox Inc.

Privacy Policy: https://www.mapbox.com/legal/privacy
Collected data: Displayed coordinates, zoom level, map style
Consent: Required through the "Functional" category

3. Legal Basis and Consent

Cookie Category	Consent Required	Legal Basis
Essential Technical	No	Technical necessity (Art. 122 Italian Privacy Code)
Analytics	Yes	Explicit consent (Art. 6(1)(a) GDPR)
Functional	Yes	Explicit consent (Art. 6(1)(a) GDPR)

Consent is:

Freely given: You may refuse without affecting basic browsing
Specific: Separate for each category
Informed: Explained in this policy
Revocable: Changeable at any time

4. How to Manage Cookies

4.1 Through Our Cookie Banner

On your first visit, we display a banner with 3 options:

Accept All: Enables technical, analytics and functional cookies
Essential Only: Enables only technical cookies
Customize: Lets you choose which categories to enable

Change your preferences later:

Click "Cookie Settings" (fixed button at the bottom right)
Visit the Privacy Dashboard
Write to privacy@mindthejourney.com

4.2 Through Your Browser

You can manage or delete cookies directly from your browser settings.

Google Chrome

Menu (three dots) -> Settings
Privacy and security -> Cookies and other site data
See all site data and permissions -> Search for "mindthejourney"
Remove individual cookies or clear all site data

Mozilla Firefox

Menu (three lines) -> Settings
Privacy & Security -> Cookies and Site Data
Manage Data -> Search for "mindthejourney"
Remove selected or remove all

Safari (macOS/iOS)

Preferences -> Privacy
Manage Website Data -> Search for "mindthejourney"
Remove

Microsoft Edge

Menu (three dots) -> Settings
Privacy, search, and services -> Clear browsing data
Choose what to clear -> Cookies

Note: Disabling all cookies may prevent some parts of the site from working correctly (for example saving your preferred language).

4.3 Through Opt-Out Tools

Google Analytics: Browser Add-on Opt-out
Do Not Track: We respect the browser DNT signal where technically applicable
European Interactive Digital Advertising Alliance: youronlinechoices.com

5. Cookies and localStorage: What Is the Difference?

Feature	HTTP Cookie	localStorage
Sent to server	Yes, with each request	No, local only
Capacity	~4 KB	~5-10 MB
Expiry	Configurable	Persistent (until deleted)
Accessibility	JavaScript + HTTP	JavaScript only
Privacy	More traceable	More privacy-friendly

Mind the Journey prefers localStorage for essential technical data (consent, language) because:

It is not sent to the server with every request (faster)
It offers greater privacy (data remains on the device)
It provides more room for complex preferences (filters, saved destinations)

6. Duration and Retention

Type	Maximum Duration	Deletion
Consent	12 months	Automatic at expiry or manual
Analytics	14 months	Google Analytics retention policy
Functional	24 months	Automatic or manual
Session	End of browser session	Automatic on close

At expiry, cookies are automatically deleted or you will be asked to confirm consent again.

7. Detailed Purposes by Category

Technical Cookies

Specific purposes:

Save the selected language so you are not asked every time
Store cookie consent choices for GDPR compliance
Keep application state (globe theme, current view)
Prevent CSRF attacks (Cross-Site Request Forgery)
Load balancing across servers where applicable

Without these cookies: The site would only work partially (for example language would reset and the banner would reappear every time).

Analytics Cookies

Specific purposes:

Understand which content (countries, themes) is most popular
Identify technical issues (pages with high bounce rate)
Optimize performance (slow pages, 404 errors)
Improve UX through real navigation data
Decide future features based on real usage patterns

Data NOT collected:

No names, surnames or email addresses unless voluntarily submitted through forms
No full IP address (anonymized only)
No financial or health information
No special-category data (religion, political views, etc.)

Functional Cookies

Specific purposes:

Remember preferred theme
Save destinations to favorites
Keep active filters (for example only UNESCO sites)
Restore last globe position (zoom, rotation)
Synchronize preferences across devices when account features are active

8. International Transfers

Google Analytics (USA)

If Google Analytics is used, some data may be transferred to the United States, where Google LLC operates its main servers.

Appropriate safeguards (Art. 46 GDPR):

Standard Contractual Clauses (SCC): Clauses approved by the European Commission
EU-US Data Privacy Framework: Google certification where applicable
Transfer Impact Assessment (TIA): Evaluated in light of Schrems II
Supplementary measures: Pseudonymization, IP anonymization, data minimization

Legal references:

Schrems II judgment (C-311/18)
EDPB Recommendations 01/2020
Commission Decision 2021/914 (updated SCC)

Plausible Analytics (EU)

If Plausible is used, all data stays in the European Union (servers in Germany).

Privacy advantages:

No extra-EU data transfers
GDPR compliant by design
No cookies, anonymous tracking
Open source and verifiable

9. Minors and Cookies

Minimum age for digital consent:

Italy: 14 years (Art. 2-quinquies D.Lgs. 196/2003)
Other EU countries: the applicable national threshold applies (13-16 years depending on the country)

Cookie banner behaviour by age group:

Below the applicable threshold: message "Please ask a parent for permission" - no analytics or functional cookies activated
From the applicable threshold to 17 years: independent consent valid for analytics and functional cookies
18 years and over: full consent

Note for parents and guardians: if your child has used the site and you wish to delete locally stored data:

Follow the instructions in the "How to Manage Cookies" section
Or write to privacy@mindthejourney.com with proof of the parental or guardian relationship

10. Cookies and Security

Security Measures Implemented

Cookie protection:

Secure flag: Cookies sent only over HTTPS
HttpOnly flag: Cookies not accessible from JavaScript where applicable
SameSite attribute: Protection against CSRF attacks
Limited expiry: No endless cookie duration

localStorage protection:

Origin isolation: Data accessible only from our domain
Content Security Policy: Limits malicious scripts
XSS protection: User input sanitization

Regular audits:

Quarterly scans with Cookiebot/OneTrust where used
Annual penetration tests
Policy review whenever GDPR-relevant updates are introduced

11. Updates and New Cookies

When we add new cookies:

We update this Cookie Policy
We change the "Last updated" date at the top
If the change is substantial: we show a notice banner and request new consent
If the change is minor: we update the policy silently and you can verify it here

Substantial change notices:

In-site banner for 7 days
Email to registered users where applicable
Request for fresh consent at the next login where needed

Version history: Available on request at privacy@mindthejourney.com

12. Frequently Asked Questions (FAQ)

Can I use the site without cookies?

Partially. Technical cookies are necessary for core functions (language, consent). You may refuse analytics and functional cookies without problems.

What happens if I refuse all non-essential cookies?

The site will still work normally, but:

We will not remember your preferred theme
We will not save favorite destinations
We may ask you for language preferences again
The core browsing experience remains available

Can cookies harm me?

No. Cookies are simple text files and cannot:

Execute code on your device
Install viruses or malware
Access your personal files
They can only store browsing and preference data

Is localStorage more dangerous than cookies?

No. In practice it is often safer because:

It is not automatically sent to the server
It is isolated per domain
It can be deleted just like cookies

Does Google Analytics sell my data?

Not directly, but:

Google may use aggregated data to improve its services
It may use data for advertising ecosystems outside our site
You can object through Google Ads Settings

Is Plausible really privacy-friendly?

Yes, because:

It is open source and verifiable
It uses no cookies and no fingerprinting
Data is aggregate and anonymous
Servers are in the EU and GDPR compliant
It does not rely on profiling or data resale

Is the cookie banner legally required?

Yes, under:

ePrivacy Directive 2002/58/EC (Art. 5.3)
Italian Privacy Code (Art. 122)
Italian Data Protection Authority guidelines (9 July 2021)

It must:

Appear before non-technical cookies are installed
Offer a clear Refuse option
Allow granular consent by category
Be easily revocable

Can I delete only some cookies?

Yes:

Privacy Dashboard -> Customize -> Deselect categories
Browser settings -> Manage cookies -> Remove specific entries

Do cookies expire if I stop visiting the site?

Yes. They expire after the period indicated (12-24 months). On the next visit, the banner may appear again.

Does Mind the Journey track my GPS position?

No. We use only:

Approximate geolocation based on IP (country/region)
Never precise GPS coordinates
No direct access to your physical position

13. Legal References

This Cookie Policy complies with:

GDPR - EU Regulation 2016/679
ePrivacy Directive - 2002/58/EC (as amended by 2009/136/EC)
Italian Privacy Code - Legislative Decree 196/2003 (updated in 2018)
Italian Data Protection Authority Guidelines - 10 June 2021, no. 231
Italian Data Protection Authority Order - 9 July 2021 (cookies and other tracking tools)
EDPB Guidelines 05/2020 - Consent
CJEU Schrems II judgment - C-311/18 (extra-EU transfers)

14. Supervisory Authority

For doubts or complaints regarding cookie management:

Italian Data Protection Authority (Garante per la Protezione dei Dati Personali)
Piazza Venezia, 11 - 00187 Rome, Italy
Tel: +39 06 696771
Fax: +39 06 69677785
Email: garante@gpdp.it
PEC: protocollo@pec.gpdp.it
Web: https://www.garanteprivacy.it

Hours: Monday-Friday 10:00-12:00 (phone)
Online complaint: Available on the Authority website

15. Contacts

For cookie-specific questions:

Email: privacy@mindthejourney.com
Subject: [Cookie Policy] Your question
Response time: 5 business days

Self-service:

Privacy Dashboard: /privacy-dashboard
Manage cookies: click the fixed "Cookie Settings" button

16. Summary Table

Cookie	Type	Purpose	Duration	Consent	Provider
`mtj_consent`	Technical	Cookie preferences	12 months	No	Mind the Journey
`mtj_anon_id`	Technical	Anonymous ID	Persistent	No	Mind the Journey
`mtj_language`	Technical	Language	Persistent	No	Mind the Journey
`mtj_legal_notice_seen`	Technical	Legal notice	Persistent	No	Mind the Journey
`_ga`	Analytics	Unique users	2 years	Yes	Google LLC
`_gid`	Analytics	Sessions	24 hours	Yes	Google LLC
`mtj_theme_preference`	Functional	Theme	24 months	Yes	Mind the Journey
`mtj_saved_destinations`	Functional	Favorites	24 months	Yes	Mind the Journey

Legend:

Technical: Necessary for operation
Analytics: Anonymous statistics
Functional: Personalized experience
Consent Yes: Requires explicit approval
Consent No: Exempt as technically necessary

17. Statement of Compliance

Mind the Journey declares that:

All non-technical cookies are installed only after explicit consent
The cookie banner complies with the Italian Data Protection Authority guidelines of 9 July 2021
Consent is granular and revocable
IP addresses are anonymized before any relevant analytics processing
Extra-EU transfers are protected by SCC or equivalent safeguards where applicable
There is no cookie wall (access is not denied if cookies are refused)
The Refuse option is equivalent in visibility to Accept
Documentation is complete and accessible

Last compliance review: October 2025
Next scheduled review: April 2026

Thank you for your trust. We use cookies responsibly and transparently.

Last updated: April 2026 | Version 2026.04