Cookie Policy
Effective Date: June 29, 2026
Last Updated: June 29, 2026
1. What Are Cookies?
Cookies are small text files that websites place on your device (computer, tablet, or phone) to make the site work, remember your preferences, and understand how the site is used. Some cookies are essential for the website to function. Others are optional and only set if you give consent.
Similar technologies — such as localStorage, sessionStorage, and cookies set by third-party scripts — are covered by this policy as well.
2. How We Use Cookies
Tunari VPN keeps cookie use to a minimum. We classify cookies into four categories:
- Essential cookies — strictly necessary for the website to operate. They enable authentication, session management, and security. These cookies do not require consent under Art. 173(3) of the Polish Telecommunications Law and the EU ePrivacy Directive.
- Functional cookies — remember your preferences (language, region) so the site behaves consistently between visits. Set only after you confirm functional consent.
- Analytics cookies — help us understand aggregate usage patterns so we can improve the Service. Set only after you confirm analytics consent.
- Marketing cookies — currently not used. We do not run third-party advertising or remarketing trackers on tunarivpn.com.
3. Cookies We Set
The table below lists every cookie and similar technology our website may set.
| Cookie Name | Purpose | Category | Duration | Provider |
|---|---|---|---|---|
tunari_locale | Stores your selected interface language (en/ru/uk/pl). | Functional | 1 year | First-party |
tunari_region | Stores your detected or chosen region for currency and content routing. | Functional | 1 year | First-party |
access_token | Authenticates you to the dashboard. HTTP-only, Secure, SameSite=Lax. | Essential | 15 minutes | First-party (HttpOnly) |
refresh_token | Renews your session without re-login. HTTP-only, Secure, SameSite=Lax. | Essential | 30 days | First-party (HttpOnly) |
tunari_consent_v1 | Stores your cookie consent choices (functional / analytics). | Essential | 6 months | First-party |
_ga | Distinguishes unique visitors for aggregate analytics. | Analytics | 14 months | Google Analytics |
_ga_XJXG6T432Q | Maintains the GA4 session state for our property. | Analytics | 14 months | Google Analytics |
_ga_consent | Reflects your current Consent Mode v2 state for Google tags. | Analytics | Session | |
cf_clearance | Confirms you passed a Cloudflare security challenge. | Essential (security) | 30 minutes | Cloudflare |
__cf_bm | Cloudflare bot management — protects the site from automated abuse. | Essential (security) | Session (30 min idle) | Cloudflare |
4. Google Consent Mode v2
We implement Google Consent Mode v2 on tunarivpn.com. Consent Mode lets Google tags adjust their behaviour based on the consent signals we forward. Defaults are region-based:
- EU / EEA / UK / Switzerland visitors: all consent signals (
ad_storage,analytics_storage,ad_user_data,ad_personalization,functionality_storage,personalization_storage,security_storage) default to denied until you grant consent through our cookie banner. - Visitors outside the EU/EEA/UK: analytics defaults to granted; advertising signals remain denied (we do not run advertising).
Until you grant analytics consent, Google Analytics receives only privacy-safe pinged signals (no client identifiers). Once you consent, full measurement is enabled.
5. How to Manage Your Consent
You can change or withdraw your consent at any time:
- Open cookie settings:click the "Cookie settings" link at the bottom of any page to reopen the consent banner and adjust your choices.
- Reject all optional cookies:in the banner, choose "Reject" — only essential cookies will be set.
- Browser controls:all modern browsers let you block or delete cookies for any site. See your browser's help pages for instructions ( Chrome, Firefox, Safari, Edge).
Blocking essential cookies will prevent you from signing in or maintaining a session. Blocking functional cookies will reset your language and region preferences on every visit.
6. Third-Party Cookies
Some pages of our service load third-party widgets that may set their own cookies. We do not control these cookies; they are governed by the third party's own policy.
- Stripe Checkout — when you proceed to payment, Stripe sets cookies for fraud prevention and session continuity. See Stripe's Cookie Policy.
- Google OAuth — when you sign in with Google, Google sets cookies on its own domains (accounts.google.com). See Google's Cookie Policy.
- Telegram Login— when you sign in with Telegram, Telegram's OAuth widget loads from
oauth.telegram.organd may set cookies on its own domain. See Telegram's Privacy Policy.
7. Legal Basis (GDPR & ePrivacy)
Essential cookies are set on the legal basis of our legitimate interest in providing a functioning service (Art. 6(1)(f) GDPR) and are exempt from the consent requirement under Art. 5(3) of the ePrivacy Directive 2002/58/EC.
Functional and analytics cookies are set only on the legal basis of your prior, explicit, informed consent (Art. 6(1)(a) GDPR; Art. 173 of the Polish Telecommunications Law implementing Art. 5(3) ePrivacy Directive). You may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.
8. Changes to This Policy
We may update this Cookie Policy to reflect changes in the cookies we use or in applicable law. The "Last Updated" date above shows when the policy was last revised. Material changes will be highlighted in our consent banner.
9. Contact
For questions about cookies or this policy:
- Email: privacy@tunarivpn.com
- Postal address: TunariVPN Sp. z o.o., Zabraniecka 8L / 212, 03-872 Warsaw, Poland
See also our Privacy Policy and Imprint.