Cookies
Cookie Policy
Cookie categories
Strictly necessary cookies
Required for core functions such as authentication, security, passwordless login, session management, and remembering privacy choices. They are not optional because the service cannot work properly without them.
| Name/category | Provider | Purpose | Duration | Consent |
|---|---|---|---|---|
| Supabase auth/session cookies | Supabase/SelfGrowth | Authenticate users and maintain secure sessions | Session/provider default | Strictly necessary |
selfgrowth-auth-next | SelfGrowth | Return path after passwordless login | Up to 15 minutes | Strictly necessary |
selfgrowth-auth-account-type | SelfGrowth | Complete requested account-type sign-in flow | Up to 15 minutes | Strictly necessary |
selfgrowth-auth-email | SelfGrowth | Complete passwordless sign-in | Up to 15 minutes | Strictly necessary |
selfgrowth-auth-otp-type | SelfGrowth | Complete OTP sign-in flow | Up to 15 minutes | Strictly necessary |
selfgrowth-auth-test-otp-recipient / selfgrowth-auth-test-otp-debug-code | SelfGrowth | Test/QA-only OTP debugging; must not be enabled in production | Up to 15 minutes if enabled in approved test environment | Strictly necessary only for approved QA/test |
selfgrowth-consent-v1 | SelfGrowth | Remember cookie/privacy choices without storing user id, email, IP, or random visitor id | About 180 days or until changed/policy update | Strictly necessary preference record |
Preferences
Preferences help remember choices such as display settings, language, region, or dismissed notices. These should be used only for user-selected preferences and not behavioral tracking. Phase 5 nearby-event search does not remember a current location or manual place in cookies/localStorage by default; any future remembered coarse location preference needs a new review and explicit consent.
Analytics
Analytics help understand aggregate usage and improve SelfGrowth. Analytics may include page views, content views/clicks, ratings metrics, performance data, or similar usage signals. Analytics must not run before analytics consent unless a separate minimized aggregate/security design has been approved. Nearby-event search must not send precise latitude/longitude, manual location text, distance, or geocoder payloads to analytics.
Marketing/third-party
Marketing or third-party cookies may include retargeting pixels, ad-network cookies, social-media pixels, marketing automation trackers, or third-party embedded media that sets cookies. SelfGrowth should not use these unless explicitly approved, disclosed, and opt-in consent is collected where required.
Server web-touch requirement
SelfGrowth server middleware can be configured to send web-touch events. Phase 3C gates that non-essential web-touch path on the server-readable analytics consent cookie. Unknown consent defaults to analytics=false and marketing=false.
See the Privacy Policy for broader data-processing disclosures.