Cookie Policy
1. What Are Cookies?
Cookies are small text files that a website stores on your device when you visit. They let the site remember information about your visit — such as your authentication session, preferences, and usage patterns — so you don't have to re-enter information every time you return.
We also use similar technologies such as browser local storage and session storage for application state. This policy covers all such technologies collectively.
2. Cookies We Use
We use a minimal set of cookies, grouped into three categories:
2.1 Strictly Necessary Cookies
These cookies are essential for the platform to function. Without them, you cannot log in, access your dashboard, or use any authenticated feature. They cannot be disabled.
| Cookie / Key | Purpose | Duration |
|---|---|---|
sb-access-token | Supabase authentication session token | Session / 1 hour |
sb-refresh-token | Silent token refresh for authenticated sessions | Up to 7 days |
__Secure-next-auth.* | OAuth state and CSRF protection during Google sign-in flow | Session |
2.2 Functional Cookies
These cookies remember your preferences and improve your experience. Disabling them may reduce convenience but will not prevent you from using the platform.
| Cookie / Key | Purpose | Duration |
|---|---|---|
theme | Stores your light/dark mode preference | 1 year |
onboarding_complete | Tracks whether you have completed the setup wizard | Persistent |
2.3 Analytics Cookies
We use Sentry for error monitoring. Sentry may set session-scoped identifiers to correlate error events with a single browser session. No personally identifiable information is stored in these identifiers, and they are not used for advertising.
| Cookie / Key | Provider | Purpose | Duration |
|---|---|---|---|
_sentry-trace | Sentry.io | Error trace correlation | Session |
We do not use advertising cookies. We do not place cookies for retargeting, third-party ad networks, or behavioural profiling. We do not sell cookie data.
3. Third-Party Cookies
Some platform features use third-party services that may set their own cookies. These services operate under their own privacy policies:
- Paddle (billing): Paddle checkout pages are hosted by Paddle and may set cookies to support payment sessions and fraud prevention. See Paddle's Privacy Policy.
- Google OAuth: If you connect a Gmail account, Google's OAuth flow may set session cookies on Google-owned domains. See Google's Privacy Policy.
- Microsoft OAuth: If you connect an Outlook or Microsoft 365 account, Microsoft's OAuth flow may set session cookies on Microsoft-owned domains. See Microsoft's Privacy Statement.
4. How to Manage Cookies
You can control cookies through your browser settings. All modern browsers allow you to view, block, and delete cookies. Note that blocking strictly necessary cookies will prevent you from logging in to the application.
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies
5. Do Not Track
Some browsers send a "Do Not Track" (DNT) signal. We do not currently alter our cookie behaviour in response to DNT signals because we do not use tracking cookies for advertising purposes. Our cookie usage is limited to operational, functional, and error-monitoring purposes as described above.
6. Changes to This Policy
We may update this Cookie Policy from time to time. Material changes will be posted on this page with an updated "Last updated" date. Continued use of the platform after changes are posted constitutes your acceptance of the revised policy.
7. Contact
If you have questions about our cookie practices, contact us at: contact.cyberarcmsp@gmail.com or via our contact page.