Skip to main content
Back to Supabrief
Last updated: May 15, 2026

Cookie Policy

Supabrief uses cookies and similar local-storage technologies to operate the Service and (with your consent) to understand how it's used. This page explains what we use and how you control it.

What is a “cookie”?

A cookie is a small piece of data that a website stores in your browser. We also use localStorage, which serves the same purpose with larger storage and no per-request transmission.

Categories we use

Strictly necessary (always on)

Required for sign-in and core functionality. These are exempt from consent requirements under ePrivacy because they are strictly necessary to provide the service you requested.

  • Supabase auth session — stored in localStorage under supabase.auth.token; keeps you signed in for up to 300 days.
  • CSRF / anti-fraud tokens — short-lived, set per request.
  • Cookie consent state — stored under supabrief.cookie-consent for up to 12 months so we don't re-prompt you on every visit.
  • Theme preference — light / dark / system.

Analytics (optional — requires consent)

Helps us understand which features get used and where users encounter friction. We do not load any analytics until you opt in. As of the date above, we do not currently load analytics; this category is reserved for future use. When we add a tool, we will update this page and bump the consent version so you are asked again.

Marketing (optional — requires consent)

Used to measure the effect of marketing campaigns. We do not currently use any marketing cookies; this category is reserved for future use.

How to manage your preferences

  • Cookie banner. EU, UK, and California visitors see a consent banner on first visit with three equally weighted options: Accept all, Reject all, Customize. Your choice is stored for 12 months.
  • Change your mind? Clear localStorage for supabrief.cookie-consent in your browser's developer tools, or contact our Grievance Officer and we will reset your consent on request. (We're also adding an in-app preferences page.)
  • Browser controls. Most browsers let you block cookies entirely. Note that blocking strictly necessary cookies will prevent sign-in.
  • California “Do Not Sell or Share”. See /legal/do-not-sell — we do not sell personal data to third parties, and our processing of your information for analytics-style sharing requires your opt-in.

Third-party cookies set by integrations you connect

When you connect an integration (Slack, Jira, GitHub), the OAuth or integration provider may set cookies in their own domain during the authorization flow. Those cookies are governed by the provider's own privacy and cookie policies, not ours.

Changes to this policy

We will update this page when we add or remove a cookie or tracker. Material changes will trigger a fresh consent prompt via the banner.

Legal

TermsPrivacyCookiesRefundsSubprocessorsDPAAcceptable UseDMCASecurityGrievance OfficerImprintDo Not Sell or Share

(c) 2026 Supabrief. All rights reserved.