Merge pull request #44 from andreagrandi/add-cookie-section-privacy-policy

Add cookies section to privacy policy

Author: andreagrandi

templates/privacy.html

@@ -6,7 +6,7 @@
 {% block content %}
   <section class="rounded-box bg-base-100 px-6 py-10 shadow-sm lg:px-12">
     <h1 class="text-4xl font-bold">Privacy Policy</h1>
-    <p class="mt-2 text-base-content/60">Last updated: 26th February 2026</p>
+    <p class="mt-2 text-base-content/60">Last updated: 3rd April 2026</p>
 
     <div class="mt-8 max-w-3xl space-y-8 text-base-content/80">
       <p>
@@ -186,7 +186,44 @@ <h2 class="text-xl font-semibold text-base-content">9. Security measures</h2>
       </div>
 
       <div>
-        <h2 class="text-xl font-semibold text-base-content">10. Changes to this policy</h2>
+        <h2 class="text-xl font-semibold text-base-content">10. Cookies</h2>
+        <div class="mt-3 space-y-4">
+          <p>
+            Book Corners uses a small number of cookies that are strictly necessary for the website
+            to function. No tracking, analytics or advertising cookies are used.
+          </p>
+
+          <div>
+            <h3 class="font-semibold text-base-content">Cookies we set</h3>
+            <ul class="mt-1 list-inside list-disc space-y-1">
+              <li>
+                <strong>Session cookie</strong> (<code>sessionid</code>) — keeps you logged in while
+                you use the site. Expires after 2 weeks or when you log out.
+              </li>
+              <li>
+                <strong>CSRF cookie</strong> (<code>csrftoken</code>) — protects form submissions
+                against cross-site request forgery. Expires after 1 year.
+              </li>
+              <li>
+                <strong>Language cookie</strong> (<code>django_language</code>) — remembers your
+                preferred language. Expires at the end of the browser session.
+              </li>
+            </ul>
+          </div>
+
+          <div>
+            <h3 class="font-semibold text-base-content">Why no consent banner is shown</h3>
+            <p class="mt-1">
+              Under the ePrivacy Directive (Article 5(3)) and Italian data protection guidelines,
+              cookies that are strictly necessary for providing the service do not require user consent.
+              All cookies listed above fall within this exemption.
+            </p>
+          </div>
+        </div>
+      </div>
+
+      <div>
+        <h2 class="text-xl font-semibold text-base-content">11. Changes to this policy</h2>
         <div class="mt-3 space-y-2">
           <p>
             This Privacy Policy may be updated from time to time. Any changes will be published

templates/privacy_it.html

@@ -7,7 +7,7 @@
 {% block content %}
   <section class="rounded-box bg-base-100 px-6 py-10 shadow-sm lg:px-12">
     <h1 class="text-4xl font-bold">Informativa sulla Privacy</h1>
-    <p class="mt-2 text-base-content/60">Ultimo aggiornamento: 26 febbraio 2026</p>
+    <p class="mt-2 text-base-content/60">Ultimo aggiornamento: 3 aprile 2026</p>
 
     <div class="mt-8 max-w-3xl space-y-8 text-base-content/80">
       <p>
@@ -186,7 +186,44 @@ <h2 class="text-xl font-semibold text-base-content">9. Misure di sicurezza</h2>
       </div>
 
       <div>
-        <h2 class="text-xl font-semibold text-base-content">10. Modifiche a questa informativa</h2>
+        <h2 class="text-xl font-semibold text-base-content">10. Cookie</h2>
+        <div class="mt-3 space-y-4">
+          <p>
+            Book Corners utilizza un numero limitato di cookie strettamente necessari al funzionamento
+            del sito. Non vengono utilizzati cookie di tracciamento, analisi o pubblicità.
+          </p>
+
+          <div>
+            <h3 class="font-semibold text-base-content">Cookie che utilizziamo</h3>
+            <ul class="mt-1 list-inside list-disc space-y-1">
+              <li>
+                <strong>Cookie di sessione</strong> (<code>sessionid</code>) — mantiene l'accesso
+                durante l'utilizzo del sito. Scade dopo 2 settimane o al logout.
+              </li>
+              <li>
+                <strong>Cookie CSRF</strong> (<code>csrftoken</code>) — protegge l'invio dei moduli
+                da attacchi cross-site request forgery. Scade dopo 1 anno.
+              </li>
+              <li>
+                <strong>Cookie della lingua</strong> (<code>django_language</code>) — ricorda la
+                lingua preferita. Scade alla chiusura del browser.
+              </li>
+            </ul>
+          </div>
+
+          <div>
+            <h3 class="font-semibold text-base-content">Perché non viene mostrato un banner per il consenso</h3>
+            <p class="mt-1">
+              Ai sensi della Direttiva ePrivacy (Articolo 5(3)) e delle linee guida italiane in materia
+              di protezione dei dati, i cookie strettamente necessari alla fornitura del servizio non
+              richiedono il consenso dell'utente. Tutti i cookie sopra elencati rientrano in questa esenzione.
+            </p>
+          </div>
+        </div>
+      </div>
+
+      <div>
+        <h2 class="text-xl font-semibold text-base-content">11. Modifiche a questa informativa</h2>
         <div class="mt-3 space-y-2">
           <p>
             La presente Informativa sulla Privacy può essere aggiornata periodicamente. Qualsiasi modifica