Last updated: June 2026
This page describes the cookies used by the TableBuddy management panels (/admin, /restaurant, /chain). These panels are only accessible to authorised staff, restaurant managers, and chain managers — they are not public-facing services.
| Name | Purpose | Lifetime | Type |
|---|---|---|---|
tablebuddy-session |
Maintains your authenticated session after you log in. Without this cookie the panel cannot recognise you between page loads and you would be logged out immediately. | 120 minutes of inactivity; deleted when you log out or close the browser | Strictly necessary |
XSRF-TOKEN |
Protects every form submission and API action from cross-site request forgery (CSRF) attacks. The token is verified server-side on every state-changing request. | Per session; refreshed with each page load | Strictly necessary |
No. Both cookies are strictly necessary for the service to function. Under Article 5(3) of the ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC), cookies that are strictly necessary to provide a service explicitly requested by the user are exempt from the consent requirement. Logging into this panel is the explicit request that triggers both cookies.
This exemption is confirmed by the Article 29 Working Party Opinion 04/2012 (WP194), which classifies authentication session cookies and cookies that secure the authentication mechanism as consent-exempt. The CNIL (France), ICO (UK), and other EU data protection authorities reach the same conclusion.
These cookies are used exclusively for session management and CSRF protection. We do not use them for advertising, behavioural profiling, analytics, or any purpose beyond what is stated above.
No third-party cookies are set by these panels. No external analytics, advertising, or tracking scripts are loaded.
If you have questions about how we handle cookies or personal data, contact the TableBuddy data protection team at your organisation's designated contact.