Last updated: 2026-06-13
SoundAssist takes a minimal approach to browser storage. The only cookies we set are strictly necessary for the service to function: authentication and the PKCE verifier used for OAuth + magic-link sign-in. (Our CSRF protection is a same-origin request check, not a cookie.) We set no advertising cookies and do not share your browsing behaviour with anyone.
We do use privacy-friendly, cookieless product analytics (Vercel Analytics) and Sentry performance tracing to understand how the product is used. Because these are non-essential under the EU ePrivacy Directive, they run only after you opt in via the consent banner shown on your first visit. Strictly-necessary cookies and crash-only error reporting run regardless. You can change your choice at any time below.
Turn cookieless analytics + performance tracing on or off for this browser. Withdrawing is as easy as granting (GDPR Art. 7).
This choice is stored only in your browser. Strictly-necessary cookies and crash reporting are unaffected.
| Name | Purpose | Lifetime | Category |
|---|---|---|---|
| sb-<project-ref>-auth-token | Supabase Auth session. HttpOnly, Secure, SameSite=Lax. Cleared on sign-out. | Until sign-out, or 1 hour idle (rotates via refresh token). | necessary |
| sb-<project-ref>-auth-token-code-verifier | PKCE code verifier for OAuth + magic-link flows. Cleared after the auth callback completes. | 5 minutes maximum. | necessary |
| t_unlock | Set only when you unlock a password-protected file transfer. Holds a per-transfer unlock token (an HMAC, never the password) so the download links work without putting the password in a URL. HttpOnly, Secure, SameSite=Lax, scoped to that one transfer's path. | Until the transfer expires (max 7 days). | necessary |
Strictly-necessary cookies are exempt from consent under the EU ePrivacy Directive. They cannot be disabled without breaking the service. You can sign out at any time, which clears them.
We use the browser's localStorage for ephemeral non-identifying state. These items are not transmitted to our servers and are not technically cookies, but they are listed here for transparency.
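One way to build a per-transfer unlock token like the `t_unlock` cookie in the table above, as an added example that is not SoundAssist's own code. The token layout (expiry plus an HMAC-SHA256 over transfer id and expiry), the `/t/<id>` route, the key and every function name are assumptions made for illustration.

```javascript
// Added example: constructed names and values, not SoundAssist's code.
const crypto = require("node:crypto");

const MAX_AGE_S = 7 * 24 * 60 * 60; // the table caps the cookie at 7 days

// Token = "<expiry>.<HMAC-SHA256(serverKey, transferId.expiry)>".
// The password is checked once at unlock time and never enters the token.
function mintUnlockToken(serverKey, transferId, expiresAt) {
  const mac = crypto
    .createHmac("sha256", serverKey)
    .update(`${transferId}.${expiresAt}`)
    .digest("base64url");
  return `${expiresAt}.${mac}`;
}

// Build the Set-Cookie value after a correct password was submitted.
// Assumes transferId is a URL-safe identifier (no "/", ";" or spaces).
function unlockCookie(serverKey, transferId, transferExpiresAt, now) {
  const maxAge = Math.min(transferExpiresAt - now, MAX_AGE_S);
  const value = mintUnlockToken(serverKey, transferId, now + maxAge);
  // Path scoping (assumed route /t/<id>) keeps the cookie off other transfers.
  return (
    `t_unlock=${value}; Max-Age=${maxAge}; Path=/t/${transferId}; ` +
    "HttpOnly; Secure; SameSite=Lax"
  );
}

// Check a token presented on a download request for transferId.
function verifyUnlockToken(serverKey, transferId, token, now) {
  const [exp, mac] = String(token).split(".");
  const expiresAt = Number(exp);
  if (!Number.isInteger(expiresAt) || expiresAt <= now || !mac) return false;
  // Recompute from the claimed expiry and compare in constant time, so a
  // token minted for another transfer or with an edited expiry fails.
  const expected = Buffer.from(mintUnlockToken(serverKey, transferId, expiresAt));
  const given = Buffer.from(String(token));
  return given.length === expected.length && crypto.timingSafeEqual(given, expected);
}
```

Because the transfer id and expiry are inside the MAC, the server needs no per-token storage: a request is accepted only if the token recomputes under the server key for that exact transfer and has not expired.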
| Key | Purpose | Cleared when |
|---|---|---|
| sa-consent | Remembers your analytics consent choice (granted or denied) so the consent banner is not shown again on every visit. Necessary for the consent mechanism itself; stored only in your browser, never sent to our servers. | Persists until you change it (via the control above) or clear your browser data. |
| soundassist:search:recent | Recent search queries (max 5) so the search box can suggest them on focus. | On sign-out; or manually via browser tools. |
| sa-bt-notice-dismissed, sa.installPromptDismissed, sa-feed-dismiss*, sa-following-dismiss, sa-onboarding* | Records which one-time prompts you have dismissed (the Bluetooth-audio notice, the "install the app" prompt, and contextual feed / onboarding hints) so we do not re-show them. | Most clear on sign-out; the install-prompt key persists until you clear your browser data. |
| session-metrics-pending:<id> | Session quality metrics (first-byte time, heartbeat gaps, recovery events) buffered locally if a session tab closes before they finish uploading. Re-applied and removed on your next session. | After successful upload on your next session, or on sign-out. |
We also use a small set of functional UI-state keys (for example: sidebar collapsed/expanded, last-active panel, player volume, recently-played, and feed seen-state). They remember your layout and playback preferences between visits, are never sent to our servers, and are not used to identify or track you.
Your Supabase session token lives in an HttpOnly cookie, so it cannot be read by any JavaScript, including ours. This means even a successful cross-site scripting attack against this site cannot read or exfiltrate your session token. localStorage is used only for the non-sensitive functional items listed above.
All major browsers let you block cookies per site, clear stored data, or use private / incognito mode. See:
Note: blocking the strictly-necessary cookies will prevent sign-in.
Contact info@soundassist.online.