Cookie Policy

Last updated: 2026-05-03.

What are cookies?

Small text files a website stores on your device to remember information between requests. We also use the term loosely to cover localStorage, sessionStorage, and similar browser-side storage that achieves the same purpose.

What we set

Strictly necessary (always set)

  • sb-access-token, sb-refresh-token — Supabase Auth session cookies. Required to keep you logged in. HttpOnly + Secure + SameSite=Lax. Expire on logout or after 1 week of inactivity.
  • loophouse-cookie-consent — localStorage entry recording your consent choice. Required so we don't ask again on every page load. We don't set it until you make a choice.

Analytics (only with consent)

Disabled by default. We do not currently set analytics cookies. If we add analytics in a later release, this section will list the specific cookies and we will request fresh consent before setting them.

Third-party

Stripe sets __stripe_mid and __stripe_sid on the billing pages for fraud prevention. These are categorised as essential under PCI-DSS guidance. Stripe's cookie policy is at stripe.com/cookie-settings.

Managing cookies

Use the cookie banner that appears on your first visit. You can also clear localStorage / cookies in your browser settings to re-trigger the banner.

Contact

Questions: privacy@tapstellar.com.