Legal
Cookie Policy
Last updated: [DATE — e.g. 1 June 2025]
1. What Are Cookies?
Cookies are small text files placed on your device by a website when you visit it. They are widely used to make websites work, to remember your preferences, and to provide information to site owners. Similar technologies include localStorage — a browser-side key/value store — which we also use and describe below.
2. What We Use and Why
droppd uses a minimal set of cookies and storage entries. We do not use advertising cookies, tracking pixels, or fingerprinting of any kind.
2.1 Strictly necessary cookies
These cookies are essential for the service to function. They enable authentication and secure navigation. They are set automatically when you log in and cannot be disabled without breaking the service. No consent is required under Art. 5(3) ePrivacy Directive.
| sb-[ref]-auth-token | Supabase session token. Keeps you logged in. Duration: session / up to 7 days. |
| sb-[ref]-auth-token-code-verifier | PKCE code verifier for OAuth flows. Duration: session only. |
2.2 Preference storage (localStorage)
We store one item in your browser’s localStorage to remember your cookie consent choice. This is not transmitted to our servers and does not track you across sites.
| droppd:analytics-consent | Stores your analytics consent preference (accepted / rejected). Persistent until you clear browser data or change your preference in Account → Privacy. |
2.3 Analytics cookies
Analytics tracking is not yet active on droppd. When activated, it will:
- Require your explicit prior consent via the cookie banner or Account › Privacy.
- Be fully anonymous — no personal data will be shared with third parties.
- Collect only aggregate page views and feature usage to help us improve the product.
This policy will be updated before analytics are enabled, and registered users will be notified by email at least 14 days in advance.
2.4 Advertising cookies
droppd does not serve advertising and has no relationship with ad-tech platforms. No advertising cookies are set through our service.
3. Third-Party Services
Some third-party services we rely on may set their own cookies or access browser storage independently. We have no control over these cookies; please refer to each provider’s own policy.
| Supabase | Authentication provider. Sets the session cookies listed in Section 2.1. Privacy policy: supabase.com/privacy |
| Stripe | Payment processor. May set cookies on checkout pages to prevent fraud. Privacy policy: stripe.com/privacy |
| Vercel | Hosting provider. May set infrastructure-level cookies for load balancing. Privacy policy: vercel.com/legal/privacy-policy |
4. Managing Your Preferences
4.1 Cookie banner
On your first visit, a banner allows you to accept all cookies, reject optional cookies, or manage preferences granularly. You can change your choice at any time.
4.2 Account settings
Registered users can update or withdraw analytics consent at any time via Account › Privacy. Withdrawing consent does not affect the lawfulness of any processing that took place before withdrawal.
4.3 Browser controls
You can also manage or delete cookies directly through your browser settings. Note that disabling strictly necessary cookies will prevent you from logging in to droppd. Guidance for common browsers:
5. Retention
| Session cookies | Deleted when you close your browser. |
| Persistent auth token | Up to 7 days, or until you log out. |
| droppd:analytics-consent | Persistent in localStorage until cleared by you or by a browser reset. |
6. Changes to This Policy
We may update this Cookie Policy when we introduce new technologies or services. We will revise the “Last updated” date and notify registered users by email for material changes at least 14 days in advance.
7. Contact
For any questions about our use of cookies:
We aim to respond within 30 calendar days.