Cookie Policy
Last updated:
We use the smallest cookie footprint we can. No third-party tracking cookies, no ad cookies, no fingerprinting SDKs. The cookies below are the full set.
What we set
| Name | Purpose | Duration | Type |
|---|---|---|---|
bv_session | Signed session cookie. Required to stay logged in. Flags: HttpOnly, Secure, SameSite=Lax. | Up to 30 days | Functional (strictly necessary) |
sb-* | Supabase client cookies used by our auth layer (token refresh). HttpOnly, Secure. | Up to 30 days | Functional (strictly necessary) |
Third-party cookies
None in v1. We do not embed third-party analytics, advertising, or social widgets that set cookies on our site. Email open tracking runs via pixel URL from Resend, not a cookie.
How to control cookies
All cookies we set are strictly necessary for the Service to work. Disabling them will log you out and may break features. You can manage cookies in your browser settings. We do not show a cookie consent banner because we do not use non-essential cookies.
Do-Not-Track
We honor the Global Privacy Control signal where present. As we do not run ads or sell data, the practical effect is limited, but we will not enable non-essential tracking in response to a GPC signal.
Changelog
- — Initial version.