Legal
Cookie Policy
Last updated: 26 April 2026
1. What Are Cookies?
Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites work, to remember your preferences, and to provide information to site owners. Similar technologies include localStorage — a browser-side key/value store — which we also use and describe below.
2. What We Use and Why
droppd uses a minimal set of cookies and storage entries. We do not use advertising cookies, tracking pixels, or fingerprinting of any kind.
2.1 Strictly necessary cookies
These cookies are essential for the service to function. They enable authentication and secure navigation. They are set automatically when you log in and cannot be disabled without breaking the service. No consent is required under Art. 5(3) ePrivacy Directive.
| sb-[ref]-auth-token | Supabase session token. Keeps you logged in. Duration: session / up to 7 days. |
| sb-[ref]-auth-token-code-verifier | PKCE code verifier for OAuth flows. Duration: session only. |
2.2 Preference storage (localStorage)
We store one item in your browser’s localStorage to remember your cookie consent choice. This is not transmitted to our servers and does not track you across sites.
| droppd:analytics-consent | Stores your analytics consent preference (accepted / rejected). Persistent until you clear browser data or change your preference in Account → Privacy. |
2.3 Analytics cookies
droppd uses Google Analytics 4 (via Google Tag Manager) to collect anonymous, aggregated usage data. Analytics cookies are only set after you have given explicit consent via the cookie banner or Account › Privacy. No personal data is shared with third parties. You can withdraw or change your consent at any time.
| _ga | Google Analytics. Distinguishes unique users. Duration: 2 years. |
| _ga_* | Google Analytics. Stores session state. Duration: 2 years. |
2.4 Advertising cookies
droppd does not serve advertising and has no relationship with ad-tech platforms. No advertising cookies are set through our service.
3. Third-Party Services
Some third-party services we rely on may set their own cookies or access browser storage independently. We have no control over these cookies; please refer to each provider’s own policy.
| Supabase | Authentication provider. Sets the session cookies listed in Section 2.1. Privacy policy: supabase.com/privacy |
| Stripe | Payment processor. May set cookies on checkout pages to prevent fraud. Privacy policy: stripe.com/privacy |
| Vercel | Hosting provider. May set infrastructure-level cookies for load balancing. Privacy policy: vercel.com/legal/privacy-policy |
4. Managing Your Preferences
4.1 Cookie banner
On your first visit, a banner allows you to accept all cookies, reject optional cookies, or manage preferences granularly. You can change your choice at any time.
4.2 Account settings
Registered users can update or withdraw analytics consent at any time via Account › Privacy. Withdrawing consent does not affect the lawfulness of any processing that took place before withdrawal.
4.3 Browser controls
You can also manage or delete cookies directly through your browser settings. Note that disabling strictly necessary cookies will prevent you from logging in to droppd. Guidance for common browsers:
5. Retention
| Session cookies | Deleted when you close your browser. |
| Persistent auth token | Up to 7 days, or until you log out. |
| droppd:analytics-consent | Persistent in localStorage until cleared by you or by a browser reset. |
6. Changes to This Policy
We may update this Cookie Policy when we introduce new technologies or services. We will revise the “Last updated” date and notify registered users by email for material changes at least 14 days in advance.
7. Contact
For any questions about our use of cookies:
We aim to respond within 30 calendar days.