← Back to RegimeFlow

Cookies Policy

Last updated: May 17, 2026

1. What are cookies?

Cookies are small text files stored on your device when you visit a website. They allow the site to remember your preferences, keep you logged in, and gather aggregated usage statistics. Similar technologies include localStorage, sessionStorage, and pixel tags.

2. Cookies we use

Strictly necessary (no consent required)

  • sb-access-token, sb-refresh-token (Supabase) — keep you signed in. Lifespan: 1 hour (access) / 30 days (refresh). First-party, HttpOnly.
  • CookieScriptConsent (Cookie-Script) — remembers your cookie preferences. Lifespan: 12 months. First-party.
  • rl:api:* (Upstash, server-side) — rate-limit cache. Lifespan: 60 seconds. Not a browser cookie; hashed IP only.

Analytics (consent required in EU/UK)

  • Vercel Analytics — privacy-preserving, cookieless. Aggregates page views and performance metrics without identifying individual users. No personal data collected.
  • Vercel Speed Insights — performance measurement, cookieless.

Marketing / advertising

We currently do not use marketing or advertising cookies. If we add them (e.g., Meta Pixel, Google Ads conversion), they will be blocked by default and only activated after explicit opt-in via the consent banner.

3. Managing your preferences

You can change your cookie preferences at any time by clicking the "Do Not Sell or Share My Personal Information" link in the footer of any page. This reopens the consent panel managed by Cookie-Script Ltd.

You may also disable cookies entirely through your browser settings. Note that disabling strictly necessary cookies will break authentication and you will not be able to use the platform.

4. Browser-specific instructions

  • Chrome: Settings → Privacy and security → Third-party cookies
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions

5. Do Not Track

We honor the browser Do Not Track signal where technically feasible. When DNT is enabled, all non-essential cookies are blocked by default.

6. Changes

We will update this policy when we add or remove cookies. The "Last updated" date reflects the current version. For privacy-related questions, contact privacy@regimeflow.com.