Cookies and push
What this site puts in your browser.
Last updated 17 July 2026
Short version: no advertising, no analytics, no tracking across other websites. But it is not nothing, and pages that claim "we use no cookies" are usually lying, so here is the actual list.
What is actually stored
OneSignal, on every page
We use OneSignal, Inc. (United States) for our email list and web push notifications. Its SDK loads on every page of this site, from OneSignal's CDN. When it loads, it:
- registers a service worker on this domain, from the file
OneSignalSDKWorker.jsin our root; - writes identifiers into your browser's localStorage and IndexedDB, so it can tell whether this browser is already subscribed;
- may set cookies of its own in the course of doing that.
This happens whether or not you subscribe, because the SDK has to load in order to ask. What it does not do is track you around other websites, build an advertising profile, or tell us who you are while you read.
Fonts
Our typefaces load from Google Fonts, which means your browser makes a request to Google's servers and Google sees the request. No cookie is set by us in the process.
Server logs
Not browser storage, but you should know: our host records IP address, user agent and requested page, for security and availability.
What is not here
- No Google Analytics, or any other analytics package. We genuinely do not know how many of you there are.
- No advertising pixels. No Meta pixel, no advertising tags of any kind.
- No cross-site tracking, no fingerprinting, no data brokers.
- No affiliate cookies. The links to resorts on each sheet are plain links with nothing appended.
Push notifications need your consent
Under the Privacy and Electronic Communications Regulations, we cannot send you push notifications without your consent, and we do not try to work around that.
The permission prompt comes from your browser, not from us. We can ask; the browser decides how and whether to show it, and you decide the answer. Declining breaks nothing. The site works identically, and if you subscribed by email you still get the brief. We do not nag, we do not re-prompt, and there is no modal blocking the page until you agree.
How to revoke it
- Push permission: in your browser's site settings for nilvado.com, set notifications to Block. You do not need to tell us and we will not know why.
- Local storage and service worker: clearing site data for nilvado.com in your browser removes them.
- The email list itself: that is separate from your browser. Reply to any brief or write to [email protected] and we delete the record.
- Blocking it before it loads: any standard content blocker will stop the OneSignal SDK. The site is built to work fine without it.
The legal basis, the international transfer position and your rights are set out in the privacy notice.