GoNoGo Ratings and Reviews Ltd.
Effective date: 14 April 2026
This Cookie Policy explains how GoNoGo Ratings and Reviews Ltd (company number 16433454, registered in England and Wales) operates the website www.gonogo.co.za ("the Website") and uses cookies, local storage, and other similar tracking technologies when you visit.
We are committed to transparency about the technologies we use and to giving you meaningful control over your data. This policy should be read alongside our Privacy Policy, which explains how we process personal information more broadly.
By using the Website you acknowledge that you have read this Cookie Policy. Where we require your consent before placing non-essential cookies, we will ask for it through our cookie consent banner. You may withdraw that consent at any time — see Section 7 for details.
Cookies are small text files placed on your device by a website when you visit. They allow the website to remember information about your visit — such as your preferences, login state, or browsing behaviour — and can be read back during future visits.
Similar technologies include mechanisms that achieve comparable results without using a traditional cookie file. We use the following on the Website:
Cookies and similar technologies can be first-party (set by us) or third-party (set by an external service such as Google Analytics).
The use of cookies and similar technologies on South African websites is primarily governed by:
Under POPIA, we rely on the following lawful bases depending on the category of cookie:
We do not set any analytics, functionality, or authentication cookies until and unless you click "Accept" in the cookie consent banner, or until the relevant functionality (such as account creation) is activated by you.
The supervisory authority for data protection in South Africa is the Information Regulator of South Africa. You have the right to lodge a complaint with the Information Regulator if you believe your rights under POPIA have been infringed:
We organise the technologies on this Website into four categories. The tables below list each item individually with its name, provider, purpose, storage duration, and type.
These technologies are essential for the Website to function and cannot be switched off. They are used only to provide services you have explicitly requested — such as remembering your consent choice or maintaining a secure session. They do not collect information that could be used for marketing or to track you across other websites. No consent is required for these.
| Name | Provider | Purpose | Duration / Expiry | Type |
|---|---|---|---|---|
gonogo_cookie_consent |
GoNoGo (first-party) |
Stores your cookie consent choice — either "accepted" or
"rejected" — so the consent banner is not shown on every page visit.
Without this item, we could not honour your consent choice.
|
Persistent (no automatic expiry; remains until cleared by you) | localStorage |
gonogo_theme |
GoNoGo (first-party) |
Stores your display preference — either "light" or "dark"
mode — so the Website renders in your preferred theme on each visit without
requiring you to reselect it. Falls back to your operating-system preference
if not set.
|
Persistent (no automatic expiry; remains until cleared by you) | localStorage |
__vercel_* (e.g. __vercel_live_token) |
Vercel Inc. (third-party hosting) | Set by our hosting provider Vercel to support infrastructure-level routing, edge-network functions, and deployment previews. These cookies do not track individual users for marketing purposes and are strictly operational. | Session or short-term persistent (varies; typically session to 24 hours) | HTTP Cookie |
Analytics cookies help us understand how visitors interact with the Website — for example, which pages are most visited, how long visitors stay, and whether they encounter errors. This information is collected in aggregate form and used only to improve the Website. These are set only after you give your consent.
We use Google Analytics 4 (GA4) with measurement ID G-2C18K0YYXM.
GA4 is configured with anonymize_ip: true, meaning your IP address is anonymised
before any data is sent to Google's servers. We do not use GA4 for advertising or
remarketing purposes.
Google Analytics data may be transferred to and processed in the United States. Google acts as a processor on our behalf and has agreed to appropriate data-processing terms. For more information on how Google processes data, see Google's Privacy Policy.
| Name | Provider | Purpose | Duration / Expiry | Type |
|---|---|---|---|---|
_ga |
Google LLC (third-party) | The primary Google Analytics cookie. Registers a unique anonymous identifier used to distinguish users and generate statistical reports about how visitors use the Website. IP addresses are anonymised before transmission. | 2 years from last activity | HTTP Cookie (persistent) |
_ga_2C18K0YYXM (GA4 session cookie) |
Google LLC (third-party) |
GA4 property-specific cookie used to persist session state and identify the
measurement ID (G-2C18K0YYXM). Tracks page views and events within
a session. Works in conjunction with _ga.
|
2 years from last activity | HTTP Cookie (persistent) |
Functionality storage items enable enhanced features on the Website. They are used by authorised internal users (administrators and brand portal users) to maintain working sessions and operational overrides. Non-administrative visitors to www.gonogo.co.za will not normally have these items written to their devices. Where they are written — for example, if you access an authenticated portal — they are set only with appropriate authorisation.
These items are set only for authenticated portal sessions and therefore are placed only after relevant consent or the initiation of a contractual relationship.
| Name | Provider | Purpose | Duration / Expiry | Type |
|---|---|---|---|---|
gonogo_adminUser |
GoNoGo (first-party) | Stores a JSON object containing session data for an authenticated administrator, including user identifier and role information. Used to maintain the admin session across page navigation without requiring re-authentication on each page load. | Persistent (session-duration; cleared on logout or tab close in normal use) | localStorage |
gonogo_adminLoginTime |
GoNoGo (first-party) | Stores a Unix timestamp recording when an administrator logged in. Used to enforce session timeouts and trigger automatic logout after a defined period of inactivity, protecting admin accounts from unauthorised access. | Persistent (cleared on logout) | localStorage |
gonogo_brandUser |
GoNoGo (first-party) | Stores a JSON object containing session data for an authenticated brand portal user, including user identifier, brand association, and role. Enables brand portal functionality without requiring re-authentication on each page visit. | Persistent (session-duration; cleared on logout) | localStorage |
gonogo_brandLoginTime |
GoNoGo (first-party) | Stores a Unix timestamp recording when a brand portal user logged in. Used to enforce session timeouts and automatic logout after a defined period of inactivity. | Persistent (cleared on logout) | localStorage |
gonogo_researchDates |
GoNoGo (first-party) | Stores date-range override values for research and data queries within the admin or brand portal. Allows authorised users to view historical data for a specific period without requiring server-side configuration changes. | Persistent (until manually cleared or overwritten) | localStorage |
gonogo_brandOverrides |
GoNoGo (first-party) | Stores local brand data overrides (for example, display name or category adjustments) used by the brand portal interface. These overrides are applied client-side and are not shared with other users or sent to the server unless explicitly saved. | Persistent (until manually cleared or overwritten) | localStorage |
We are developing a public account system for www.gonogo.co.za. When this feature launches, additional cookies and storage items will be used to manage authenticated user sessions. This section describes those technologies so you are informed in advance; they are not currently active for general website visitors.
We will use Supabase as our authentication and database provider. Supabase processes data in accordance with its own Privacy Policy. Where Supabase processes personal data on our behalf, it acts as a data processor.
| Name | Provider | Purpose | Duration / Expiry | Type |
|---|---|---|---|---|
sb-*-auth-token (Supabase access token) |
GoNoGo / Supabase (first-party) | Stores a JWT (JSON Web Token) access token issued by Supabase Auth upon successful login. The token is used to authenticate API requests on your behalf during a session. It contains encoded user identity information and an expiry timestamp but does not contain your password. | Short-lived (typically 1 hour); auto-refreshed via refresh token | localStorage or HTTP Cookie (secure, HttpOnly) |
| Supabase refresh token | GoNoGo / Supabase (first-party) | Stores a long-lived refresh token used to obtain a new access token when the current one expires, without requiring you to log in again. Used for Remember Me functionality and persistent sessions. | Persistent (up to 30 days if "Remember Me" is selected; session-only otherwise) | localStorage or HTTP Cookie (secure, HttpOnly) |
| CSRF protection token | GoNoGo (first-party) | A randomly generated token included in state-changing requests (such as form submissions) to prevent Cross-Site Request Forgery (CSRF) attacks. This is a security mechanism required to protect your account. | Session (deleted when you close your browser tab) | HTTP Cookie (secure, SameSite=Strict) or localStorage |
| Session management cookie | GoNoGo (first-party) | Maintains your logged-in state across page navigation and browser tabs during an active session. Stores a reference to your server-side session record, not the session data itself. | Session (deleted on logout or browser close) or persistent up to 30 days | HTTP Cookie (secure, HttpOnly, SameSite=Lax) |
When the account system launches, we will update this Cookie Policy to reflect the live implementation details. We will notify registered users of any material changes. Consent for authentication cookies will be collected at the time of account creation or login, as required under POPIA.
We want to be clear about what we do not do with cookies:
When you first visit www.gonogo.co.za, a cookie consent banner is displayed at the bottom of the screen. The banner explains the categories of cookies used and provides two options:
gonogo_cookie_consent with the value "accepted".
Google Analytics will load on the current and future page views.
gonogo_cookie_consent with the value "rejected".
What constitutes valid consent under POPIA: Consent must be freely given, specific, informed, and unambiguous. Our banner meets these requirements because:
Withdrawing consent: You may withdraw consent at any time by clearing
the gonogo_cookie_consent item from your browser's localStorage (see
Section 7). On your next visit, the consent banner
will appear again and you may make a new choice. Withdrawing consent will not affect the
lawfulness of any processing carried out before withdrawal.
You have several ways to manage the cookies and similar technologies used on this Website.
The simplest way to change your consent choice is to clear your browser's localStorage for www.gonogo.co.za. This will cause the cookie banner to appear again on your next visit, allowing you to make a new choice.
All modern browsers allow you to view, manage, and delete cookies and localStorage data. The steps vary by browser:
Blocking strictly necessary localStorage items (such as gonogo_theme and
gonogo_cookie_consent) may affect the Website's appearance and functionality —
for example, the consent banner will be shown on every visit and your theme preference
will not be remembered.
In addition to using the cookie banner on our Website, you can prevent Google Analytics from collecting your data across all websites by installing the Google Analytics Opt-Out Browser Add-On.
You can also manage Google's use of your data via Google's My Account settings.
Some browsers support a "Do Not Track" (DNT) signal. We acknowledge DNT signals and, where a DNT signal is detected and no prior consent choice has been recorded, we will treat your visit as if you selected "Reject" on the consent banner — meaning no analytics cookies will be loaded.
The retention periods for each storage item and cookie are listed in the tables in Section 4. As a general principle:
Our Website may contain links to third-party websites. Once you leave www.gonogo.co.za, this Cookie Policy no longer applies. We are not responsible for the privacy or cookie practices of any third-party website and recommend that you review each site's own cookie and privacy policy.
Our Website is not directed at children under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at support@gonogo.co.za and we will delete the information promptly.
We may update this Cookie Policy from time to time to reflect changes to the technologies we use, changes in applicable law, or for other operational reasons. When we make material changes, we will:
gonogo_cookie_consent localStorage item (where technically
appropriate) so that a new consent banner is displayed, allowing you to review the
changes and make a new choice.
We encourage you to review this Cookie Policy periodically. Continued use of the Website after an update constitutes acknowledgement of the revised policy; however, your consent to non-essential cookies will always be re-sought if we introduce new non-essential cookie categories.
If you have any questions, concerns, or requests regarding this Cookie Policy or our use of cookies and similar technologies, please contact us:
For privacy-related requests (such as access to, correction of, or deletion of personal data), please also refer to our Privacy Policy for the full process.
If you are dissatisfied with our response, you have the right to escalate your complaint to the Information Regulator of South Africa: