Free express shipping over ₪1,000

Cookie & Storage Technologies Policy

Elegance Store, operated by Luxury Brands (עוסק מורשה), Business ID 200854792 ("Elegance", "we", "us", or "our")

Effective Date: July 5, 2026

Last Updated: July 5, 2026

1. Introduction — What Are Cookies and Similar Technologies

This Cookie & Storage Technologies Policy (the "Policy") explains how Elegance Store, operated by Luxury Brands (עוסק מורשה), Business ID 200854792 ("Elegance", "we", "us", or "our"), uses cookies, browser local storage, session storage, and other similar technologies (collectively, "Storage Technologies") when you visit or interact with our website at elegancestore-production.up.railway.app (the "Website").

This Policy should be read in conjunction with our Privacy Policy, which provides comprehensive information about how we collect, use, and protect your personal data.

For the purposes of this Policy, we use the term "Storage Technologies" broadly to refer to the following distinct technologies:

  • Cookies — Small text files placed on your device by a website or third-party service. Cookies are sent to the server with each HTTP request and are governed by specific browser controls. Our Website does not set first-party cookies directly through our application code; however, third-party services integrated into our Website (specifically, Google Firebase) may set cookies through their SDKs.
  • localStorage — A browser-based storage mechanism that allows websites to store key-value pairs persistently in your browser. Unlike cookies, localStorage data is not transmitted to the server with HTTP requests and remains available until explicitly cleared by the user or by application code. Our Website uses localStorage as its primary client-side storage mechanism.
  • sessionStorage — Similar to localStorage, but data stored in sessionStorage is automatically cleared when the browser tab or window is closed. We use sessionStorage for temporary, session-scoped data.
  • Firebase SDK Storage — The Google Firebase platform, which we use for authentication and optional analytics, may utilise a combination of cookies, IndexedDB, and other browser storage mechanisms to maintain authentication state and track analytics events.

Transparency Note: We believe in full transparency regarding the technologies deployed on our Website. Unlike many e-commerce platforms, Elegance Store does not set first-party HTTP cookies through its application code. Our client-side storage relies primarily on the browser's localStorage and sessionStorage APIs. However, the Firebase SDK and other third-party resources loaded on our Website may set their own cookies or use similar storage mechanisms independently.

2. Our Use of Cookies and Local Storage

In the interest of accuracy and transparency, we wish to clarify that our Website primarily uses localStorage and sessionStorage (collectively, "Web Storage APIs") rather than traditional HTTP cookies for its core functionality. This is an important technical distinction:

  • We do not set first-party cookies. Our application code does not usedocument.cookie or server-side Set-Cookie headers to place cookies on your device.
  • We use localStorage for persistent client-side data, such as your shopping cart contents and cached user information.
  • We use sessionStorage for temporary data, such as order confirmation details that are only needed for the duration of your browser session.
  • Third-party cookies may be set by Firebase/Google. The Firebase SDK, which handles user authentication and optional analytics on our Website, may set cookies through its own code. These cookies are not set by Elegance directly, but we are responsible for disclosing their presence.

3. Types of Technologies We Use

3.1 Essential / Strictly Necessary Technologies

These technologies are required for the basic operation of our Website. Without them, core functionality such as user authentication, shopping cart management, and order processing would not function. Because these technologies are strictly necessary for providing the services you have requested, they are deployed on the basis of legitimate interest and contractual necessity and do not require your prior consent under either Israeli law or the EU ePrivacy Directive (Directive 2002/58/EC, as amended by Directive 2009/136/EC), Article 5(3).

  • Firebase Authentication tokens — Managed by the Firebase SDK to maintain your authenticated session after login. These may include cookies and/or IndexedDB entries set by Google Firebase. They are essential for secure access to your account and for processing transactions.
  • Google OAuth tokens — If you choose to sign in using your Google account, OAuth tokens are stored by the Firebase Authentication SDK to maintain your session.
  • Shopping cart (localStorage) — Your shopping cart contents are stored locally in your browser under the key elegance_cart, enabling cart persistence across page navigations and browser sessions.
  • Order confirmation data (sessionStorage) — After a successful purchase, temporary order data is stored in sessionStorage (under a key formatted as order_{orderNumber}) to display your order confirmation page. This data is automatically deleted when you close the browser tab.

3.2 Functionality Technologies

These technologies support enhanced functionality and personalisation of your experience on our Website. They are not strictly necessary for the Website to function but enable features such as remembering your preferences.

  • Cached user data (localStorage) — Under the key user, we may cache certain user profile data in localStorage as a development fallback mechanism. This supports faster page loading and a smoother user experience. This data does not include sensitive information such as passwords or payment details.

3.3 Analytics Technologies

Analytics technologies help us understand how visitors interact with our Website, allowing us to improve its design, content, and functionality.

  • Firebase Analytics (optional) — Our Website includes the Firebase Analytics SDK, which is initialised conditionally based on browser support and the presence of a configured measurement ID. When active, Firebase Analytics may set cookies and use other storage mechanisms to track user interactions, session duration, page views, and similar usage data. This data is processed by Google and is subject to Google's Privacy Policy.

Compliance Advisory: Under the EU ePrivacy Directive and the GDPR, analytics cookies and similar tracking technologies generally require the user's prior informed consent before they are set. Firebase Analytics is currently initialised automatically when the browser supports it, without an explicit opt-in consent mechanism. We acknowledge this as a compliance gap for visitors from the European Economic Area (EEA) and are evaluating the implementation of a consent management mechanism. See Section 9 below for further details.

3.4 Third-Party Technologies

Certain third-party services integrated into or loaded by our Website may independently set cookies or use other storage mechanisms on your device. We do not control these third-party technologies and are not responsible for their content or the privacy practices of their operators.

  • Firebase / Google Cloud — Our Website uses the Firebase platform (a Google Cloud service) for authentication, database, storage, and optional analytics. Firebase SDKs may set cookies or use IndexedDB for session management, authentication token storage, and analytics tracking. For more information, see Firebase Privacy Information.
  • Unsplash — Certain editorial and hero images on our Website are loaded from Unsplash (unsplash.com). When your browser requests these images, Unsplash's servers may set their own cookies. These cookies are set by Unsplash, not by Elegance, and are subject to Unsplash's Privacy Policy.
  • Google Fonts (self-hosted) — Our Website uses the Inter and EB Garamond typefaces. These fonts are loaded via Next.js font optimisation, which self-hosts the font files on our own domain. As a result, no requests are made to Google's servers for font loading, and no Google Fonts tracking cookies are set.

We do not use any of the following third-party technologies:

  • Google Analytics (GA4) scripts
  • Facebook Pixel or Meta tracking scripts
  • Third-party advertising or retargeting cookies
  • Social media sharing plugins that set cookies

4. Detailed Storage Inventory

The following table provides a comprehensive inventory of all Storage Technologies used on our Website, whether set by our application code directly or by third-party SDKs:

4.1 First-Party Storage (Set by Elegance Application Code)

Name / KeyProviderTechnologyPurposeCategoryDuration
elegance_cartElegance StorelocalStorageStores shopping cart items as a JSON array. Contains product IDs, selected sizes, colours, and quantities.EssentialPersistent until cleared by user, logout, or cart completion
userElegance StorelocalStorageCached user profile data (name, email, user ID). Used as a development/fallback mechanism for faster page rendering. Does not contain passwords or payment data.FunctionalityPersistent until cleared by user or logout
order_{orderNumber}Elegance StoresessionStorageTemporary order confirmation data (order details, items, totals) used to display the order success page without requiring a server round-trip.EssentialSession only (cleared when browser tab closes)

4.2 Third-Party Storage (Set by Firebase / Google SDKs)

Name / KeyProviderTechnologyPurposeCategoryDuration
Firebase Auth tokensGoogle FirebaseIndexedDB / CookiesAuthentication session management. Stores ID tokens, refresh tokens, and user session data.EssentialID token: ~1 hour (auto-refreshed); Refresh token: persistent until logout or revocation
Google OAuth tokensGoogleCookies / IndexedDBOAuth 2.0 authentication tokens for users who sign in via Google. Used to maintain the authenticated session.EssentialVaries; typically refreshed automatically
_ga, _gid, _gat (if measurement ID configured)Google Firebase AnalyticsCookiesAnalytics tracking cookies used to distinguish users and throttle request rates. Only set if Firebase Analytics is initialised with a valid measurement ID.Analytics_ga: 2 years; _gid: 24 hours; _gat: 1 minute

4.3 Third-Party Resources (External Domains)

ServiceDomainPurposeMay Set Cookies
Unsplashimages.unsplash.comEditorial and hero imagesYes (Unsplash may set its own cookies when serving images)
Firebase / Google Cloud*.firebaseio.com, *.googleapis.comAuthentication, database, cloud storage, analyticsYes (Firebase SDKs set authentication and analytics cookies)
Google FontsN/A (self-hosted)Typography (Inter, EB Garamond)No (fonts are self-hosted via Next.js optimisation; no external requests)

5. Third-Party Cookies

As noted throughout this Policy, Elegance Store does not set first-party HTTP cookies. However, third-party services that we integrate may set cookies on your device through their own SDKs and scripts.

The primary source of third-party cookies on our Website is the Google Firebase platform. Firebase is a Google Cloud service that we use for:

  1. User Authentication — Firebase Authentication manages user login sessions and stores authentication tokens. This is essential for the operation of user accounts on our Website.
  2. Firebase Analytics (optional) — If a Firebase measurement ID is configured, the Firebase Analytics module may set cookies (such as _ga, _gid) to track user interactions with our Website. These cookies function similarly to Google Analytics cookies.

We encourage you to review Google's privacy documentation for comprehensive information about how Firebase and Google handle data:

6. How to Manage Cookies & Local Storage

6.1 Managing Cookies via Browser Settings

Most web browsers allow you to control cookies through their settings. You can typically:

  • View which cookies are stored on your device
  • Delete individual cookies or all cookies
  • Block cookies from specific sites or all sites
  • Set preferences for first-party vs. third-party cookies
  • Configure automatic deletion of cookies when you close the browser

For instructions on managing cookies in your specific browser, please refer to the following resources:

6.2 Managing localStorage and sessionStorage

Unlike cookies, localStorage and sessionStorage data cannot be managed through standard cookie settings. To clear this data, you may:

  • Clear all site data: In most browsers, navigate to Settings > Privacy & Security > Clear Browsing Data, and select "Cookies and other site data" or "Site settings." This will typically clear localStorage and sessionStorage along with cookies.
  • Use browser Developer Tools: Open your browser's Developer Tools (usually by pressing F12 or Ctrl/Cmd + Shift + I), navigate to the "Application" or "Storage" tab, and manually view, edit, or delete specific localStorage and sessionStorage entries.
  • Log out of your account: Logging out of your Elegance account will automatically clear the elegance_cart and user localStorage entries.

6.3 Opting Out of Firebase Analytics

Firebase Analytics no longer initialises automatically: it now loads only after you actively choose “Accept” on the cookie consent banner presented on your first visit, and never loads if you choose “Decline.” If you wish to change a choice you have already made, clear your site data as described in section 6.2 above — the banner will then be presented again. Independently of this consent mechanism, you can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. This add-on prevents the Google Analytics JavaScript (including Firebase Analytics) from sharing information about visit activity with Google Analytics.

7. Impact of Disabling Cookies and Storage Technologies

Disabling or blocking Storage Technologies may affect your ability to use certain features of our Website. The following table summarises the expected impact:

ActionImpact on Website Functionality
Blocking all cookiesFirebase Authentication may not function correctly. You may be unable to sign in, create an account, or maintain an authenticated session. Google sign-in will not work.
Disabling localStorageYour shopping cart will not persist between page navigations or browser sessions. Items added to the cart will be lost upon refresh. User data caching will not function.
Disabling sessionStorageThe order confirmation page may take longer to load, as it will need to retrieve order data from the server instead of using cached session data. Core functionality will not be affected.
Blocking third-party cookies onlyFirebase Analytics tracking will be disabled (no impact on core functionality). Some Firebase Authentication flows may be affected depending on your browser's specific third-party cookie policies.
Using private/incognito browsing modeAll Storage Technologies will function normally during your session but will be cleared automatically when the private browsing window is closed. Your cart and login session will not persist between private browsing sessions.

8. Legal Basis for Using Storage Technologies

8.1 Israeli Law

Israel does not have a specific "cookie law" equivalent to the EU ePrivacy Directive. The primary Israeli legislation governing privacy is the Privacy Protection Law, 5741-1981 (חוק הגנת הפרטיות, התשמ"א-1981) and the Privacy Protection Regulations (Data Security), 5777-2017 (תקנות הגנת הפרטיות (אבטחת מידע), התשע"ז-2017). These laws establish a general framework for the protection of personal data and the security of databases, but do not specifically regulate the use of cookies or similar tracking technologies.

Under Israeli law, the use of Storage Technologies on our Website is primarily governed by:

  • Section 1 of the Privacy Protection Law — which establishes the right to privacy and the obligation to protect personal information in databases.
  • Section 7 of the Privacy Protection Law — which imposes notification requirements when collecting personal data and requires that data subjects be informed of the purposes for which their data will be used.
  • The Communications (Telecommunications and Broadcasting) Law, 5742-1982 (חוק התקשורת (בזק ושידורים), התשמ"ב-1982), as amended, specifically Section 30A — which regulates unsolicited electronic communications and may have implications for tracking technologies used for direct marketing purposes.

We rely on the following legal bases under Israeli law:

  • Contractual necessity — Essential Storage Technologies (authentication tokens, shopping cart storage, order data) are necessary for the performance of our contract with you when you use our Website to browse and purchase products.
  • Legitimate interest — Functionality technologies (cached user data) serve our legitimate interest in providing a smooth and responsive user experience.

8.2 EU Law (ePrivacy Directive and GDPR)

For visitors accessing our Website from the European Economic Area (EEA), the United Kingdom, or Switzerland, additional legal requirements apply under:

  • The ePrivacy Directive (Directive 2002/58/EC, as amended) — Article 5(3) requires that the storage of, or access to, information on a user's terminal equipment (which includes cookies, localStorage, sessionStorage, and IndexedDB) requires the user's prior informed consent, unless the storage is strictly necessary for the provision of a service explicitly requested by the user.
  • The General Data Protection Regulation (EU 2016/679) ("GDPR") — which governs the processing of personal data and requires a valid legal basis (such as consent under Article 6(1)(a) or legitimate interest under Article 6(1)(f)) for any processing of personal data through cookies or similar technologies.

Note on the scope of the ePrivacy Directive: Article 5(3) of the ePrivacy Directive refers broadly to "the storing of information, or the gaining of access to information already stored, in the terminal equipment of a subscriber or user." This language is technology-neutral and is widely interpreted by EU data protection authorities as covering not only HTTP cookies but also localStorage, sessionStorage, IndexedDB, and any other client-side storage mechanism. The European Data Protection Board (EDPB) and national supervisory authorities (including the CNIL, ICO, and others) have consistently confirmed this broad interpretation.

Accordingly, while localStorage and sessionStorage are technically distinct from cookies, they are subject to the same consent requirements under EU law when used for non-essential purposes.

Our legal bases under EU law for the Storage Technologies we use are:

  • Strictly necessary exemption (Article 5(3) ePrivacy Directive) — Firebase authentication tokens, shopping cart localStorage, and order confirmation sessionStorage are strictly necessary for providing the e-commerce services you have requested. No consent is required for these technologies.
  • Consent (Article 5(3) ePrivacy Directive; Article 6(1)(a) GDPR) — Firebase Analytics cookies and any non-essential tracking should, in principle, only be activated after obtaining the user's prior informed consent. See Section 9 for our current position on consent management.

8.3 Israel's GDPR Adequacy Status

Israel has been recognised by the European Commission as providing an adequate level of data protection (Commission Decision 2011/61/EU). This adequacy decision facilitates the transfer of personal data from the EEA to Israel without the need for additional safeguards such as Standard Contractual Clauses. However, the adequacy decision does not exempt Israeli website operators from complying with the ePrivacy Directive's consent requirements when their websites are accessed by individuals in the EEA. The ePrivacy Directive applies based on the location of the user's terminal equipment, not the location of the data controller.

9. Cookie Consent & Compliance Recommendations

9.1 Current Status

As of the effective date of this Policy, our Website does not implement a cookie consent banner or consent management platform (CMP). We wish to be transparent about this and provide the following analysis:

Compliance Gap Disclosure

The absence of a cookie consent mechanism represents a compliance gap with respect to the EU ePrivacy Directive and GDPR requirements for visitors accessing our Website from the EEA. While Israel does not currently mandate a cookie consent banner under domestic law, the following considerations apply:

  1. Firebase Analytics initialises automatically when a valid measurement ID is configured and the browser supports it. Under EU law, analytics cookies require prior informed consent (opt-in) before being set. The current automatic initialisation does not comply with this requirement for EEA visitors.
  2. Israeli privacy law is evolving. The Israeli Privacy Protection Authority (הרשות להגנת הפרטיות) has signalled increasing alignment with GDPR principles. Proactive compliance with EU standards is considered best practice and may become legally required in Israel in the future.
  3. GDPR territorial scope: Under Article 3(2) of the GDPR, the regulation applies to controllers not established in the EU who offer goods or services to data subjects in the EU. An Israeli e-commerce store that ships to EU countries or targets EU consumers may fall within the territorial scope of the GDPR.

9.2 Recommendations

Based on the above analysis, we recommend the following measures to be implemented:

  1. Implement a Cookie Consent Management Platform (CMP) — Deploy a GDPR-compliant CMP (such as Cookiebot, OneTrust, or a custom solution) that presents visitors with clear consent options before any non-essential Storage Technologies are activated. The CMP should:
    • Allow granular control (accept all, reject all, customise preferences)
    • Not use pre-ticked checkboxes (per CJEU Planet49 ruling, C-673/17)
    • Store consent records as required under Article 7(1) GDPR
    • Be presented before Firebase Analytics is initialised for EEA visitors
  2. Conditionally initialise Firebase Analytics — Modify the Firebase Analytics initialisation to require explicit user consent before the analytics module is loaded for visitors from jurisdictions that require consent for analytics tracking.
  3. Geo-based consent logic — Consider implementing geo-based logic to display the consent banner only to visitors from jurisdictions where it is legally required (e.g., EEA, UK), while relying on legitimate interest for Israeli visitors where local law permits.
  4. Review periodically — Monitor developments in Israeli privacy law, including any amendments to the Privacy Protection Law or new regulations that may impose cookie consent requirements domestically.

10. Changes to This Policy

We may update this Policy from time to time to reflect changes in our use of Storage Technologies, changes in applicable law, or other operational or legal reasons. When we make material changes to this Policy, we will:

  • Update the "Last Updated" date at the top of this Policy.
  • Where appropriate and required by law, notify you of the changes through a prominent notice on our Website or by email.
  • If we implement a consent management platform, request renewed consent where required by applicable law.

We encourage you to review this Policy periodically to stay informed about our use of cookies and similar technologies.

11. Contact Information

If you have any questions, concerns, or requests regarding this Cookie & Storage Technologies Policy, our use of Storage Technologies, or your rights under applicable data protection law, please contact us at:

Elegance Store, operated by Luxury Brands (עוסק מורשה), Business ID 200854792

Data Protection Enquiries

Email: ameerdow@icloud.com

Website: Contact Us

For complaints regarding data protection, you may also contact the Israeli Privacy Protection Authority (הרשות להגנת הפרטיות) at www.gov.il, or, for EEA residents, the relevant supervisory authority in your jurisdiction.


This Cookie & Storage Technologies Policy was prepared by Adv. Maya Shapiro, an Israeli technology and digital commerce attorney, and is intended to comply with the Israeli Privacy Protection Law, 5741-1981 and to address the requirements of the EU ePrivacy Directive and the General Data Protection Regulation (GDPR) for visitors from the European Economic Area. This document does not constitute legal advice to any third party and should be reviewed by qualified legal counsel in your jurisdiction before reliance.

We use optional analytics cookies to improve your experience.

Read our Cookie Policy for details.