Legal
Cookie Policy
Plain-language explanation of the cookies and similar technologies SetSally uses on this website and in the app, and how to control them. Compliant with the EU ePrivacy Directive 2002/58/EC and the GDPR.
Last updated:
1. What is a cookie
A cookie is a small text file stored on your device by a website. "Similar technologies" include localStorage, sessionStorage, IndexedDB, and tracking pixels — the rules below apply to all of them.
2. What we use
| Cookie | Purpose | Type | Lifetime |
|---|---|---|---|
| setsally-cookie-consent | Stores your cookie preferences (necessary for the consent system to work) | HTTP cookie (first party) | 1 year |
| __session | Authentication — proves you are signed in to the app | HTTP cookie (first party, httpOnly, secure) | Session (cleared on sign-out) |
| __client_uat, __client | Authentication refresh — Clerk-managed | HTTP cookie (first party, httpOnly, secure) | Up to 60 days |
| sb-*-auth-token | Supabase auth tokens used by the data layer | HTTP cookie (first party, httpOnly, secure) | Up to 1 hour |
| crisp-session, crisp-client* | Live chat widget (if you open the support chat) | HTTP cookie (third party — Crisp) | Up to 6 months |
| Vercel Insights cookies | Anonymous page-view stats — only set if you opt in to analytics | HTTP cookie (first party) | Up to 1 year |
We do not use advertising cookies or cross-site tracking. We do not share cookie data with data brokers.
3. Lawful basis (ePrivacy Directive)
The ePrivacy Directive requires that non-essential cookies and trackers are only set after the user gives informed, specific consent (Art. 5(3)). We use two categories:
- Strictly necessary (authentication, security, load balancing, your consent preferences). These are exempt from consent under Art. 5(3) ePrivacy and Art. 6(1)(f) GDPR.
- Analytics and support (Vercel Insights, Crisp). These are off by default and require your consent via the cookie banner.
4. How to change your preferences
You can change your choices at any time. Two ways:
- Click the "Cookies" link in the site footer to reopen the consent banner.
- In the consent banner, click Customize and toggle the categories individually.
Your choice is stored in a first-party cookie called setsally-cookie-consent for one year. After that, the banner will ask again.
5. How to clear cookies in your browser
You can also clear or block SetSally cookies via your browser. Note that blocking strictly necessary cookies will sign you out and break the service.
6. Do Not Track and Global Privacy Control
We honor the Global Privacy Control (GPC) signal. If your browser sends it, we treat it as an opt-out of analytics and any non-essential tracking.
We do not currently respond to the older Do Not Track (DNT) header, as the W3C has deprecated it in favour of GPC.
7. International visitors
The rules above are designed to comply with the EU ePrivacy Directive. If you are visiting from outside the EU, the same cookies are used and the same controls apply.
8. Updates
We update this policy when we add or remove cookies. The "Last updated" date at the top of this page shows the current version. Material changes are also announced via the cookie banner.
9. Contact
Questions about cookies: privacy@setsally.com.