Legal

Cookie notice

Categories map one-to-one to the consent purposes you can toggle on the Privacy & data page.

Essential

Always on

Required for sign-in, security, and to remember the app you last visited. Cannot be disabled without breaking the service.

  • Supabase auth session (localStorage) — keeps you signed in.
  • CSRF and rate-limit cookies on billing and admin routes.

Analytics

Opt-in

Aggregated usage data that helps us find broken flows and prioritise fixes. No profile-building, no third-party ad networks.

  • First-party page-view counter (only when granted).
  • Server-side error breadcrumbs tied to your session, kept 30 days.

Marketing

Opt-in

Used only if you opt in to product update emails or new-app announcements.

  • Newsletter subscription flag and unsubscribe token.

AI training

Opt-in

If you grant this, anonymised prompts and outputs may be used to improve the hub's own models. Off by default.

  • Per-job flag on generation events.

Third parties

PayFast sets its own cookies while you complete a payment. Their notice governs those cookies while you are on their domain. We do not embed advertising or tracking pixels from third-party ad networks.

Managing choices

Update your consent at any time on the Privacy & data page. Withdrawing consent applies from that moment onwards; it does not delete events that were already recorded.