Privacy Policy
Your privacy is important to us. This privacy policy explains how we collect, use, and protect your personal data.
Privacy Policy of the CAIR Platform
The CAIR App collects personal data from its users.
Last updated: December 2025
1. General Information
1.1 Scope of Application
There is currently no statutory obligation to appoint a data protection officer. Data protection-related concerns can be addressed to the e-mail address listed above.
This Privacy Policy provides information about the type, scope and purpose of the processing of personal data in connection with the use of the CAIR platform. The Policy applies to the website, web app, mobile applications (iOS & Android), and the respective backend and cloud systems connected to them.
1.2 Purpose of Data Processing
Personal data is collected in order to provide the service offered, to comply with legal obligations, to be able to respond to legal requests, to protect the provider’s own rights and interests as well as those of users or third parties, and to detect fraudulent or harmful activities. In addition, the provider processes data for various other purposes, including registration and login, hosting and backend services, A/B testing to improve content and features, analytics, contact management and messaging, displaying external content, granting device permissions, direct registration in the CAIR App, remarketing and behavioural targeting, social features, location-based interactions, tag management, payment processing, as well as organisational and productivity-related processes.
Users can find detailed information on these processing purposes and the personal data processed in each case in the section “Detailed information on the processing of personal data”.
1.3 Types of Data Processed
The following categories of data may be processed:
- Master data (e.g. name, e-mail address, telephone number)
- Login and registration data (e.g. via Firebase Authentication)
- Profile data (e.g. roles, qualifications, availability)
- Usage data (e.g. interactions, log data, access histories)
- Communication data (e.g. support requests, internal messages)
- Payment and transaction data (e.g. amounts, fees, payment status)
- Technical data (e.g. IP address, browser type, operating system, device information)
- Tracking data (e.g. cookies, pixels, pseudonymous IDs)
- Health data (e.g. degree of care), only with explicit consent
Users bear full responsibility for all personal data of third parties that they collect, publish or share via the CAIR App.
2. Legal Bases for Processing
Personal data is processed only if there is a legal basis for doing so. This is the case, for example, where the user has given consent, where the data is required for the performance of a contract or for taking steps prior to entering into a contract, or where there is a legal obligation. Processing may also take place if it is in the public interest, based on the exercise of official authority, or necessary for the purposes of the legitimate interests pursued by the provider or a third party. Upon request, the provider will inform users at any time which legal basis applies in the individual case and whether the provision of personal data is mandatory or required for the conclusion of a contract.
Personal data is processed for the following purposes:
- Operation of the platform and user management. Legal basis: Art. 6(1)(b) GDPR
- Placement of caregivers and establishing contact. Legal basis: Art. 6(1)(b) GDPR
- Processing of payments and payouts. Legal basis: Art. 6(1)(b) GDPR
- Compliance with legal obligations. Legal basis: Art. 6(1)(c) GDPR
- System security, error analysis, abuse prevention. Legal basis: Art. 6(1)(f) GDPR
- Analytics, statistics and reach measurement. Legal basis: Art. 6(1)(f) GDPR (legitimate interest), or Art. 6(1)(a) GDPR (consent) where cookie-specific
- Advertising, tracking and remarketing. Legal basis: Art. 6(1)(a) GDPR (consent)
- Processing of health data. Legal basis: Art. 9(2)(a) GDPR (explicit consent)
3. Detailed Information on the Processing of Personal Data
3.1 Registration and Login
By registering or logging in via the CAIR App, users authorise the platform to identify them and to grant access to certain features. Login may also occur via third-party providers such as “Apple Sign In” or “Google Sign In”. In this case, the CAIR App gains access to certain stored data that is required for registration or identification. Third-party providers may also process data for their own purposes, such as targeting or profiling. Further details can be found in the respective providers’ privacy notices.
Integrated services
Direct registration
Users can register directly in the CAIR App by filling out a registration form and entering their personal data themselves. This data is used solely to create the account, identify the user and provide the app’s features.
Personal data processed: E-mail, password, usage data, trackers.
Google Sign In
Google Sign In enables users to register or log in to the CAIR App using their Google account. The CAIR App thereby gains access to certain data provided by Google. Google may also process this data for its own services.
Personal data processed: Name, e-mail address, profile picture, user ID.
Place of processing: United States – Privacy Policy.
Apple Sign In
Apple Sign In allows users to log in to the CAIR App using their Apple ID. Depending on the user’s selection, the e-mail address can be shared or hidden (“Hide My Email”). Apple only transmits the data necessary for login.
Personal data processed: Name, e-mail address (or encrypted relay address), user ID.
Place of processing: United States – Privacy Policy.
3.2 Contacting the Provider
By filling out the contact form, users provide their data and allow the CAIR App to use it to respond to enquiries – for example about information, offers or other matters indicated. The details may also be used for direct in-app communication.
Personal data processed: E-mail; usage data.
3.3 Management of Contacts and Sending Messages
These services are used to manage e-mail addresses, telephone numbers and other contact details and to contact users in a targeted manner. They can also record when messages are opened or whether the user has interacted with them, for example by clicking on embedded links.
customer.io (Peaberry Software Inc.)
Customer.io is a service for managing and automating e-mail communication and in-app messages. It makes it possible to target users based on their behaviour or the data they provide and to control communication workflows. It can also collect information about whether and when messages were opened or links were clicked.
Personal data processed: E-mail address, usage data, communication data, further data as described in the service’s privacy policy.
Place of processing: United States – Privacy Policy.
resend (resend, Inc.)
Resend is a service for the transmission and management of transactional e-mails, used to send technical or system-related messages. In this context, personal data may be processed relating to the delivery, deliverability and use of these e-mails, including technical information concerning user interaction.
Personal data processed: E-mail address, usage data, communication and delivery data, further data as described in the service’s privacy policy.
Place of processing: United States – Privacy Policy.
3.4 Handling of Payments
Payment data is processed to securely handle transactions and to provide payment confirmations. Payment service providers may be involved, who also receive data. This processing serves security and fraud prevention.
Services
Apple Pay (Apple Inc.)
A mobile payment service that can be used to process payments.
Personal data processed: Payment tokens; device IDs; transaction data.
Place of processing: United States – Privacy Policy.
Google Pay (Google Ireland Limited / Google LLC)
A digital wallet service for processing payments within the platform.
Personal data processed: Payment data; pseudonymised card data; device identifier.
Place of processing: European Union / United States – Privacy Policy.
PayPal (PayPal Europe S.à r.l. et Cie, S.C.A.)
A payment service provider for processing (online) payments.
Personal data processed: Payment data; transaction data; usage data.
Place of processing: European Union / United States – Privacy Policy.
Stripe (Stripe Payments Europe Limited / Stripe Inc.)
Stripe is a payment processing service for handling credit card, account and transaction data.
Personal data processed: Payment information, transaction data, usage data, pseudonymised card details.
Place of processing: European Union / United States – Privacy Policy.
3.5 Hosting and Backend Infrastructure
Data is stored and processed on external servers to ensure that our platform operates in a stable, secure and high-performance manner. This includes technical data such as log files as well as personal user data. Data processing takes place in accordance with high security standards.
Integrated services
Firebase Cloud Functions
Firebase Cloud Functions is a backend service from Google that executes server-side functions for the CAIR App. Usage data and further data as described in the service’s privacy policy are processed. The place of processing is Germany.
Personal data processed: Usage data; various types of data as described in the service’s privacy policy.
Place of processing: Germany – Privacy Policy.
Firebase Cloud Firestore (Google Ireland Limited / Google LLC)
Firebase Cloud Firestore is a database and backend service from Google used to store and manage app data. Usage data and other data listed in the service’s privacy policy are processed. The place of processing is Germany.
Personal data processed: Usage data; various types of data as described in the service’s privacy policy.
Place of processing: Germany – Privacy Policy.
Firebase Cloud Storage (Google Ireland Limited / Google LLC)
Firebase Cloud Storage is a hosting service from Google used to store files within the CAIR App. Usage data and further data listed in the service’s privacy policy are processed. The place of processing is Germany.
Personal data processed: Usage data; various types of data as described in the service’s privacy policy.
Place of processing: Germany – Privacy Policy.
Firebase Realtime Database (Google Ireland Limited / Google LLC)
Firebase Realtime Database is a database and backend service from Google that provides real-time data for the CAIR App. Usage data and further data listed in the service’s privacy policy are processed. The place of processing is Germany.
Personal data processed: Usage data; various types of data as described in the service’s privacy policy.
Place of processing: Germany – Privacy Policy.
3.6 Server Log Files
Server log files (web server logs)
When our website is accessed, so-called server log files are automatically created by the hosting provider. These log files serve the technical provision, stability and security of our web offering.
The following data may be processed:
- IP address of the requesting device
- Date and time of the request
- Time zone difference to GMT
- Page/file accessed (request URL)
- HTTP status code
- Amount of data transferred
- Referrer URL (the page from which the access originated)
- Browser type and version
- Operating system and its interface
- Host name of the accessing device
For security reasons (e.g. to investigate misuse or fraud attempts), this data is stored in log files for a limited period and then deleted or anonymised.
The legal basis is our legitimate interest in the secure and error-free provision of the website (Art. 6(1)(f) GDPR).
The data is not merged with other data sources and is not used for marketing purposes.
3.7 Internal Tools, Automation and Data Processing
n8n (n8n GmbH)
n8n is a workflow and automation service used to process, link and forward data between different systems. Personal data may be processed automatically, depending on the workflows set up.
Personal data processed: Various types of data as described in the service’s privacy policy.
Place of processing: Germany – Privacy Policy.
Google Drive (Google Ireland Limited / Google LLC)
Google Drive is a cloud storage service used for storing, managing and sharing files. Personal data may be processed if it is included in stored documents or transmitted in the context of collaboration.
Personal data processed: Various types of data as described in the service’s privacy policy.
Place of processing: European Union / United States – Privacy Policy.
3.8 Display of External Content
We collect data to display content from third-party providers – such as maps, videos or social media elements – directly within our platform. In doing so, it may be necessary for external providers to receive technical data such as IP addresses or usage data. This serves the secure and functional display of embedded content.
Integrated services
Mapbox (Mapbox Inc.)
Mapbox is a mapping service used in the CAIR App and on the website to provide interactive maps and location features. Technical data such as device information, IP addresses or usage data may be processed. This information may also be used by Mapbox to improve the service and provide location-based features.
Personal data processed: IP address; device information; usage data.
Place of processing: United States – Privacy Policy.
Google Fonts
Google Fonts is a service from Google that provides fonts for displaying content in the CAIR App. Usage data and technical identifiers may be collected. The place of processing is the United States.
Personal data processed: Usage data; trackers.
Place of processing: United States – Privacy Policy.
3.9 Analytics and Tracking Services
Data is collected to understand how users use our app or website. This helps us improve features, fix errors and optimise the user experience. Analytics data is generally processed in anonymised or pseudonymised form.
Integrated services
Google Analytics for Firebase (for apps) (Google LLC)
Google Analytics for Firebase is an analytics service from Google used in the CAIR App. It uses identifiers for mobile devices and similar tracking technologies. Data may also be shared with other Firebase services such as Crash Reporting or Remote Config.
Personal data processed: Number of sessions, operating systems, device information, usage data, session duration, trackers.
Place of processing: United States – Privacy Policy.
Google Analytics (Google Ireland Limited / Google LLC)
Google Analytics 4 is a web analytics service from Google used to analyse the use of the CAIR App and compile corresponding reports. The data collected may also be used for other Google services and for personalised advertising. IP addresses are used only at the moment of collection and then deleted before the data is stored.
Personal data processed: Number of users, usage data, session statistics, trackers.
Place of processing: United States – Privacy Policy.
Tracking and analytics on the website (web tracking)
Cookies and similar technologies are used on the CAIR platform’s website to carry out usage analyses, conversion measurements and reach measurements. These technologies are activated only after users have given their explicit consent.
The legal basis for the use of non-technically necessary cookies is Art. 6(1)(a) GDPR in conjunction with Section 25(1) TTDSG.
Consent is obtained via a consent management system and can be withdrawn or adjusted at any time via the cookie settings on the website.
Tracking and analytics in the CAIR App (app tracking)
In the mobile CAIR App, analytics and tracking services are used that do not rely on cookies but on device-related identifiers such as device IDs, app instance IDs or advertiser IDs. These technologies enable the analysis of app use, error diagnostics and A/B testing to improve the user experience.
This processing takes place only after explicit consent is given when the app is first started. Users can withdraw their consent at any time via the app settings or by contacting support.
The legal basis is Art. 6(1)(a) GDPR.
3.10 Delivery of Different Content (A/B Testing)
A/B testing and configuration management
These services allow the CAIR App to test changes to features, layout or content and analyse how users respond. In this way, the app can be improved and adapted to user behaviour.
Firebase Remote Config (Google Ireland Limited)
Firebase Remote Config is a service that enables different app variants to be tested and settings to be adjusted dynamically without requiring an app update. Various personal data may be processed, as described in the service’s privacy policy.
Personal data processed: Various types of data as described in the service’s privacy policy.
Place of processing: Germany – Privacy Policy.
3.11 Remarketing and Behavioural Targeting
These services enable the CAIR App and its partners to analyse usage behaviour from previous sessions in order to deliver and optimise targeted advertising. For this purpose, usage data and trackers are used and shared with partners who carry out remarketing or behavioural targeting measures. Users can usually disable tracking and can learn in the relevant section of this Privacy Policy how to opt out of interest-based advertising.
Google Ads
An advertising system for delivering ads and remarketing.
Personal data processed: Cookie IDs; usage data; device information; trackers.
Place of processing: European Union / United States – Privacy Policy.
Meta Ads / Facebook Ads (Meta Platforms Ireland Limited)
A service for delivering personalised advertising and measuring reach.
Personal data processed: Cookie IDs; usage data; device information; trackers.
Place of processing: European Union / United States – Privacy Policy.
Outbrain (Outbrain Inc.)
A recommendation and retargeting system for tracking user interactions.
Personal data processed: Usage data; cookie IDs; device information; trackers.
Place of processing: European Union / United States – Privacy Policy.
Pinterest Ads (Pinterest Europe Ltd.)
A marketing service for delivering and measuring ads.
Personal data processed: Cookie IDs; usage data; device information; trackers.
Place of processing: European Union – Privacy Policy.
Taboola (Taboola Inc.)
An advertising service for delivering personalised content and ads.
Personal data processed: Usage data; cookie IDs; device information; trackers.
Place of processing: European Union / United States – Privacy Policy.
TikTok Ads (TikTok Technology Limited)
An advertising system for creating audiences and delivering ads based on user data.
Personal data processed: Cookie IDs; usage data; device information; trackers.
Place of processing: European Union / United States – Privacy Policy.
3.12 Social Features
This section describes services that enable sharing, linking or forwarding of content and that may track usage paths. They support interaction within the CAIR App and provide information about how users access or share content.
Firebase Dynamic Links (Google Ireland Limited)
Firebase Dynamic Links is a service from Google used to create personalised links and track their usage. These links make it possible to trace and evaluate user paths within the CAIR App – for example, to see how users reach certain content. Various personal data may be processed, as described in the service’s privacy policy.
Personal data processed: Various types of data as described in the service’s privacy policy.
Place of processing: Germany – Privacy Policy.
3.13 Location-Based Interaction
This section describes features that use the user’s geographical location to provide certain app functions. Location data is requested only with the user’s consent and not continuously, but only when required for a specific feature.
Non-continuous geolocation (CAIR App)
The CAIR App may collect location data to provide location-based features, but only if the user has explicitly consented. Location determination is not continuous, but situational – either upon the user’s request or when the user agrees to automatic location queries.
Personal data processed: Geographical location.
3.14 Tag Management
Tags help us categorise and track user actions, content or technical processes. Certain usage data is collected and analysed for this purpose. Tag management serves to better evaluate interactions and optimise the service.
Google Tag Manager (Google LLC)
Google Tag Manager is a service from Google for managing tracking tags and scripts within the CAIR App. Usage data may be collected and transmitted to Google. Further information on data processing can be found in Google’s partner policies.
Personal data processed: Usage data; trackers.
Place of processing: United States – Privacy Policy.
3.15 Device Permissions for Access to Personal Data
Certain app features require access rights to the device, for example to the camera, storage, contacts or location. This data is used only where necessary for the respective feature. Access is granted solely with the user’s consent.
3.16 Marketing Push Notifications
In addition, the CAIR App may send push notifications for advertising or direct marketing purposes, including third-party offers. Users can also disable these marketing notifications via the device settings or exercise their rights as described in the “Users’ rights” section. Consent is obtained using a double opt-in procedure.
3.17 Transactional Push Notifications
The CAIR App may send push notifications to inform users about features, updates or other purposes described in this Privacy Policy. Users can disable push notifications at any time via the device settings, for example through the notification options of the operating system. However, disabling notifications may affect the use of certain features.
4. Processing of Special Categories of Personal Data (Health Data)
The CAIR platform processes health data (e.g. degree of care, care-relevant information or documents) where this is voluntarily provided by the user. This data is used exclusively to match users with suitable caregivers and to ensure the quality of care.
Processing takes place solely on the basis of explicit, documented consent in accordance with Art. 9(2)(a) GDPR.
Consent is obtained in the course of registration or when entering the relevant information and may be withdrawn at any time with effect for the future.
Health data is transferred only to selected caregivers where necessary for placement and only to persons who are obliged to treat the data confidentially.
In addition, profile data may be shared with third parties in anonymised or pseudonymised form in order to identify suitable offers, available caregivers or appropriate matching opportunities.
In doing so, the CAIR platform ensures that the data subject cannot be identified and that no health data or directly attributable personal information is disclosed.
5. Categories of Recipients of Personal Data
Depending on the processing activity, personal data may be transmitted to the following categories of recipients:
- Caregivers, for the purpose of placing them and establishing contact in the context of the care process.
- Relatives or persons seeking care, where this is necessary for placement or communication.
- Payment service providers (Stripe, PayPal, Apple Pay, Google Pay) for the processing of payments and payouts.
- Communication and messaging services (e.g. Customer.io, Resend) for e-mails, in-app messages and notifications.
- IT service providers such as hosting, cloud, logging or technology providers, which are engaged as processors in accordance with Art. 28 GDPR.
- Internal departments (e.g. support, accounting, compliance), where necessary to fulfil contractual or legal obligations.
- Cooperation partners, where the user has consented or where this is necessary for the performance of a contract.
- Foreign partners, in particular platforms for caregivers in EU and non-EU countries, where this is required for placement, for providing suitable care offers or for finding suitable caregivers.
Personal data is shared only to the extent necessary for these purposes.
Transfers take place exclusively
- with the user’s consent, or
- in pseudonymised or anonymised form, so that the data subject cannot be identified.
In the case of transfers to third countries, appropriate safeguards pursuant to Art. 44–49 GDPR are used (e.g. EU Standard Contractual Clauses).
A list of the processors currently engaged can be requested from the controller.
6. Data Transfers to Third Countries
Some of the services mentioned in this Privacy Policy process personal data outside the European Union, in particular in the United States. In such cases, data transfers are based on Standard Contractual Clauses of the European Commission pursuant to Art. 46(2)(c) GDPR or comparable safeguards that ensure an adequate level of data protection.
7. Cookies and Tracking Technologies
7.1 Use of Cookies and Similar Technologies
This platform uses cookies and comparable technologies for provision, analytics, extension of functionality and, where applicable, for marketing or remarketing purposes.
Technically necessary cookies are used to provide the platform and do not require consent.
Analytics, marketing or remarketing cookies are set only after consent has been given. Consent can be withdrawn at any time or changed via the cookie settings. A consent management platform (CMP) is used to manage consents.
7.2 Consent Management System
This platform uses a consent management system (CMP) to obtain and document consent for the use of cookies, trackers and similar technologies. The CMP used is provided by Iubenda. Users can withdraw or adjust their consents at any time.
The CMP ensures that cookies or comparable technologies are activated only after explicit consent has been given, unless they are technically necessary.
The cookie settings can be changed on the website.
8. Minors
Use of the platform is not intended for persons under 16 years of age. Should data of minors nevertheless be processed, it will be deleted.
9. Users’ Rights
9.1 Users’ Rights under the GDPR
Users have a number of data protection rights in relation to their personal data. They may withdraw their consent at any time and may object to processing where it is not based on their consent. Users also have the right to know whether data is being processed, to obtain information about the processing and to request a copy of the data. They may request the rectification of inaccurate data or the restriction of processing, so that the data is only stored. Under the conditions laid down by law, users may request the deletion of their data. They also have the right to receive their data in a commonly used, machine-readable format and – where technically feasible – to have it transmitted to another controller. Furthermore, users can lodge a complaint with the competent supervisory authority. On request, the provider will also inform them on what basis personal data is transferred abroad and what security measures apply.
9.2 Right to Object
Where personal data is processed in the public interest, on the basis of official authority or for the purposes of legitimate interests, users may object to such processing on grounds relating to their particular situation. Users may also object at any time, without giving reasons, to the processing of their data for direct marketing purposes. In such cases, the data will no longer be used for marketing.
9.3 Exercising Users’ Rights
All requests to exercise data subject rights may be addressed to the provider via the contact channels indicated in this Privacy Policy. These requests are free of charge and will be answered as quickly as possible and at the latest within one month. The provider will also inform all recipients of personal data of any rectification, deletion or restriction, unless this proves impossible or would involve disproportionate effort. Upon request, the provider will inform users which recipients are concerned.
9.4 Right to Lodge a Complaint with a Supervisory Authority
Users have the right to lodge a complaint with a data protection supervisory authority. The authority responsible for CAIR AG is:
Bayerisches Landesamt für Datenschutzaufsicht (BayLDA)
Promenade 18
91522 Ansbach
Germany
Website: www.lda.bayern.de
10. Storage Period
Personal data is generally stored only for as long as is necessary for the respective purpose. Data processed for the performance of a contract with the user is stored until the contract has been fully performed. Where data is processed for the purposes of legitimate interests, it is stored only for as long as such interests exist. Longer storage is possible where the user has consented or where legal obligations or official orders require it. As soon as the storage period has expired, the data is deleted. After that point, rights such as access, deletion, rectification or data portability can no longer be exercised.
11. Legal Measures
Personal data may be processed where this is necessary for the enforcement of rights, for example in connection with legal proceedings resulting from misuse of the CAIR App. Users acknowledge that the provider may be legally obliged to disclose personal data to authorities.
12. Further Information on the Processing of Personal Data
Users may request additional details on the processing of personal data at any time. On request, the CAIR App will provide further information, for example on the legal basis, storage periods or the security measures applied.
12.1 System Logs and Maintenance
The CAIR App and external services may collect log files for technical and operational purposes, documenting interactions within the app. These may include personal data such as IP addresses.
12.2 Information Not Included
If certain information is not included in this Privacy Policy, users can request it at any time via the contact channels indicated.
12.3 Processing Methods
The provider processes users’ personal data in accordance with recognised standards and implements appropriate technical and organisational security measures to prevent unauthorised access, unlawful disclosure, alteration or deletion of data. Processing is carried out using computers and IT systems and follows internal procedures specifically tailored to the respective purposes of data processing. In addition to the controller, internal departments such as human resources, sales, marketing, legal or system administration as well as external service providers may have access to the data, where this is necessary for operating the CAIR App. External parties act as processors in this case and are designated accordingly. An up-to-date list of all internal and external parties involved can be requested from the provider at any time.
13. Changes to this Privacy Policy
The provider reserves the right to modify this Privacy Policy at any time. Users will be informed of material changes on this page, within the app or – where possible – by notice sent to the contact details on file. Users are advised to review this Policy regularly and to note the date of the last update at the end of the document. Where changes affect the use of personal data based on consent, the provider may request renewed consent if necessary.