Cookie Policy
Last updated: May 4, 2026
1. What are cookies?
Cookies are small text files placed on your device by the websites you visit. This policy also covers related technologies such as localStorage, sessionStorage, and server-set HttpOnly session tokens.
2. Categories we use
| Category | Purpose | Consent needed? |
|---|---|---|
| Strictly necessary | Auth session, CSRF protection, PKCE verifier, rate-limit identifier, billing cart state | No (legitimate interest / contract performance) |
| Functional | Theme preference, dismissed-banner flags, workspace selector | No — set only on explicit user action |
| Analytics | None — we do not use analytics cookies | N/A |
| Advertising / tracking | None. We do not serve third-party ads, tracking pixels, or fingerprinting. | N/A |
3. Specific cookies
sb-*-auth-token— Supabase session (HttpOnly, Secure, SameSite=Lax) — expires with sessionpkce_verifier— OAuth PKCE verifier for platform connect (HttpOnly, SameSite=Strict, 10-min TTL)theme— localStorage key for dark/light preferencevelo_workspace— currently selected workspace (signed, 30-day TTL)
4. Your controls
You can block or delete cookies via your browser settings. Blocking strictly-necessary cookies will prevent login and core features. Because we use no advertising or analytics cookies, there is no "reject all" banner — the default configuration is already privacy-by-default.
5. Do Not Track & Global Privacy Control
We honor the Global Privacy Control (GPC) signal and the legacy Do Not Track (DNT) header. When present, we disable any optional telemetry and treat the visit as a "do not sell or share" request under CCPA/CPRA — although we do not sell or share personal data to begin with.
6. Changes & Reservation of Rights
The Owner reserves the absolute, exclusive, and unfettered discretion, with or without prior notice and without liability, to add, change, restructure, or remove any cookie, localStorage key, fingerprint, telemetry signal, or similar technology; to add or change analytics, advertising, or third-party measurement tools; to modify or replace this Cookie Policy with effect upon posting; and to introduce new categories of data collection consistent with the data-use license in Privacy Policy section 4a and Terms of Service section 1.2. The Owner's Universal Reservation of Rights — Terms of Service section 1.1, the Benefits Reservation in section 1.3, the Dynamic Pricing & FX clause in section 1.4, the Comprehensive Owner Protections in section 18, and the No-Refund Policy are incorporated into this Cookie Policy in full. The exercise of any right under this section gives rise to no refund, credit-back, alternative compensation, or service credit of any kind, except only where applicable mandatory law preserves an unwaivable right and only to the absolute minimum the law requires.
7. Contact
Questions: privacy@genzhook.com