Essential controls

• The admin area uses an httpOnly authentication cookie on `/admin`.
• The contribution form uses Cloudflare Turnstile as an anti-bot control.
• Server-side rate limiting uses a hashed IP value rather than storing a raw IP in the application database.

Preference storage

• Bierdex can remember language choice using browser storage.
• Without preference permission, language switching still works for the current visit but is not persisted across visits.

Analytics status

• No optional analytics vendor is active in the current app code.
• A dedicated analytics consent category exists so future measurement can remain blocked by default until consent is granted.

Changing your choices

Use the “Privacy settings” control in the footer to reopen the consent panel and change optional categories at any time.