Cookie Policy

A cookie is a small text file a website stores in your browser. We also use functionally equivalent technologies (localStorage, IndexedDB) for the same purposes described here.

sb-*-auth-token — localStorage entry storing your Supabase Auth session. Required to keep you signed in. Persistent.

__session — short-lived signed cookie used to attach your identity to server-rendered pages. HttpOnly, Secure, SameSite=Lax.

xal_pref — your theme and dashboard preferences. Persistent, first-party only.

None. Sign-in with Google opens Google's domain in a popup; any cookies set there are Google's and governed by Google's policies — they are never readable by us.

Since we don't track, DNT signals don't change our behavior — there is nothing to disable.

You can clear cookies via your browser settings. Clearing the Supabase Auth entry will sign you out. We do not display a cookie consent banner because we don't set any non-essential cookies; under GDPR/ePrivacy, banners are only required for non-essential cookies.

If we ever add a non-essential cookie, we will update this page and ask for your consent before setting it.