1. General
- Klaver Solutions, trading as Practions, operates the marketing website practions.com and the sign-up and use environment at app.practions.com. This cookie policy explains which cookies and comparable techniques (including localStorage and sessionStorage) are used, for what purpose and on what legal basis.
- Cookies are small files saved by the browser. Comparable techniques include localStorage and sessionStorage, which allow information to be stored in the browser without setting a cookie. These techniques are subject to Article 11.7a of the Dutch Telecommunications Act (the implementation of the ePrivacy Directive) and the GDPR.
- For strictly necessary cookies and strictly necessary client-side storage no consent is required (Article 11.7a(3) Dutch Telecommunications Act). For other categories, prior consent is required, which must be capable of being refused or withdrawn on an equivalent basis.
2. Cookies on practions.com (marketing website)
The marketing website practions.com places no cookies. Anonymous visitor statistics are calculated server-side, based on a hash of the IP address and without identifying client-side storage. As a result, the measurement does not fall under the consent obligation of Article 11.7a Dutch Telecommunications Act.
2.1 Strictly necessary client-side storage on practions.com
| Key | Type | Purpose | Retention |
|---|---|---|---|
practions_lang |
localStorage | Remembers the chosen interface language (Dutch or English) | Until cleared by the visitor via browser settings |
This storage is strictly necessary for the operation of the information-society service (language preference) and is therefore exempt from consent.
3. Cookies and storage on app.practions.com (after login)
In the logged-in part of Practions, cookies and client-side storage are used for authentication and functional preferences. Since access is voluntary through registration and tied to the Agreement, these cookies and storage are strictly necessary to deliver the Service expressly requested and are therefore exempt from consent.
A note on key names. Since the May 2026 rebrand all new storage keys start with
practions_orpractions-. The HTTP cookies keep the short prefixbd_for backend compatibility. Visitors who still had a key stored under the previous trade name "Bloomdesk" have it migrated automatically on their next visit; the oldbloomdesk_/bloomdesk-key is then removed.
3.1 Authentication and security cookies (strictly necessary)
| Cookie | Purpose | Attributes | Retention |
|---|---|---|---|
bd_access |
Holds the short-lived JWT access token authenticating API requests | HttpOnly; Secure (in production); SameSite=Lax; Path=/ | 15 minutes |
bd_refresh |
Holds the JWT refresh token for silent renewal of the access token without re-login | HttpOnly; Secure; SameSite=Lax; Path=/api/auth | 30 days, with a sliding cap of 14 days inactivity |
bd_csrf |
Double-submit token to prevent Cross-Site Request Forgery | Secure; SameSite=Lax | Session |
3.2 Functional and preferences storage
| Key | Type | Purpose | Retention |
|---|---|---|---|
practions_lang |
localStorage | Remembers the user's interface language | Until cleared by the user |
practions.activeCall |
localStorage | Persistent state of an active video call (picture-in-picture, navigation stability) | Until the call ends |
practions-dismissed-sessions |
localStorage | Remembers which session reminders have been dismissed | Until cleared by the user |
practions-portal-token |
localStorage | Authentication token for the client portal (separate from the coach login) | Until logout or expiry |
practions-pending-gift |
sessionStorage | Temporary voucher-redemption state in the sign-up flow | Until tab is closed |
practions-admin-secret |
sessionStorage | Access to the admin panel (Klaver Solutions staff only) | Until tab is closed |
practions-pip-corner |
localStorage | Remembers the corner of the picture-in-picture window | Until cleared by the user |
practions-pip-mode |
localStorage | Remembers the mode of the picture-in-picture window | Until cleared by the user |
| Client-call session identifier | sessionStorage | Remembers a verified join code so a client need not re-authenticate after a page refresh | 2 hours or until the tab is closed |
3.3 Statistics, marketing or advertising cookies
Practions does not place statistics, marketing or advertising cookies. Should this change in future, this cookie policy will be amended in advance and prior consent will be sought via a consent banner where refusal is as prominent as acceptance.
4. External content and transfers
- On practions.com, typography is loaded via Google Fonts (fonts.googleapis.com and fonts.gstatic.com). When loading a web font, the browser exchanges its IP address with Google Ireland Limited. This exchange is technically necessary to render the page and does not fall under the cookie consent obligation, but does constitute processing under the GDPR. The transfer to Google Ireland remains within the EEA.
- In the sign-up and use environment, icon sprites are loaded from an external CDN (cdn.jsdelivr.net) for visual icons. No identifying cookies are placed in this process.
5. Managing and withdrawing
- Functional and strictly necessary cookies and storage may be cleared via browser settings; disabling them may cause the Service to malfunction in whole or in part.
- To the extent Practions in future introduces non-essential cookies or trackers, consent may be withdrawn at any time via a preferences panel offered in the Service. Withdrawal does not have retroactive effect.
6. Changes
This cookie policy may be amended. Substantive changes are announced at least thirty (30) days before they take effect, via email or a banner in the Service.