Essential cookies
Required for the service to work. Blocking them breaks login and checkout.
sb-*— Supabase Auth session cookies (signed, HttpOnly). Needed to keep you signed in between pages.__Host-*— session hardening cookies set by Next.js for CSRF protection.
Third-party cookies (contextual)
- Stripe Checkout — Stripe sets its own session and fraud-prevention cookies on js.stripe.com during payment. Required to process the transaction.
- Cloudflare — may set bot-management cookies to block abusive traffic at the edge.
Analytics cookies (optional)
- PostHog — product analytics. Disabled by default; enabled only when you opt in via the in-app toggle (if shown). We do not share PostHog data with advertisers.
We do not use Google Analytics, Meta Pixel or any ad-tech pixel.
How to control cookies
Most browsers let you view, clear or block cookies in settings. You can also run the site in a private/incognito window to avoid persistent cookies. Blocking essential cookies will prevent login and checkout from working.