Legal
Cookie policy
Bield uses only essential, functional storage. No advertising cookies, no third-party trackers, no analytics pixels.
What we store
Note: localStorage and sessionStorage are not cookies and are not governed by PECR, but we list them here for full transparency.
| Name / key | Type | Purpose | Expiry | Required? |
|---|---|---|---|---|
| sb-*-auth-token | localStorage | Supabase authentication session — keeps you logged in | Browser session | Yes — auth won't work without it |
| sb-*-auth-token-code-verifier | localStorage | PKCE code verifier for secure OAuth login | Cleared after login | Yes — login security |
| Draft wizard state | sessionStorage | Preserves unsaved wizard progress when you navigate away | Tab session | Yes — functional |
| Tab/UI preferences | localStorage | Remembers which tab you left open on certain pages | Browser session | Yes — functional |
What we do not use
- Advertising cookies
- Third-party analytics (Google Analytics, Meta Pixel, etc.)
- Tracking pixels
- Remarketing tags
The analytics beacon
We measure page visits using a lightweight, cookieless beacon. It sends the URL path and referrer to our own servers. It never sets a cookie, never stores anything in your browser, and never sends your name, email, or any identifier to a third party.
Third-party services
Supabase
Our backend database and authentication. Supabase may log server-side request metadata (IP, timestamps) in its own infrastructure, but sets no client-side tracking cookies.
Stripe
Used for Premium subscriptions. Checkout opens a Stripe-hosted page. Our app does not load Stripe.js; no Stripe cookies are set on Bield pages.
Strava
Used for activity import. We use OAuth only; no Strava SDK or cookies are set on Bield pages.
Changes
This policy is updated as the product evolves. Last reviewed: .