Cookie Policy
Effective date: June 12, 2026 · Last reviewed: June 12, 2026
We audit other websites' cookies for a living, so we hold ourselves to the same standard. This page lists every cookie and browser-storage item cookiegap.com uses, and why.
Why there's no cookie banner on this site
Consent banners are required when a site sets cookies that aren't strictly necessary — advertising, cross-site tracking, or analytics cookies. CookieGap sets only strictly necessary cookies and uses cookieless analytics, so under GDPR and the ePrivacy Directive no consent banner is needed. No banner isn't an oversight — it's the point.
Strictly necessary cookies
These cookies are required for the Service to function (signing in and keeping you signed in). They are exempt from consent requirements under the ePrivacy Directive.
| Cookie | Purpose | Duration |
|---|---|---|
| sb-*-auth-token | Authentication session (Supabase). Set only when you sign in; keeps you logged in to your dashboard. | Session / ~1 year |
If you only visit our public pages and never sign in, we set no cookies at all.
Analytics — cookieless by design
We use Umami for aggregate page-view analytics. Umami sets no cookies, stores no identifiers in your browser, and collects no personal data — it can't follow you across sites. That's why it doesn't require consent.
Local storage
We use your browser's local storage (not cookies — it's never sent to our servers automatically) for a small number of functional items:
- Scan claim token — if you run a scan before creating an account, we keep a one-time token so the scan can be attached to your account when you sign up.
- UI preferences— small flags such as dismissed notices, so we don't show you the same banner twice.
Payment processing (Paddle)
Subscriptions are processed by our merchant of record, Paddle. When you open the checkout, Paddle may set cookies inside its own checkout frame that are strictly necessary for payment processing and fraud prevention. Paddle does not set advertising or tracking cookies on cookiegap.com, and no Paddle cookies are set unless you open the checkout. See Paddle's privacy policy.
What we never set
- Advertising or retargeting cookies
- Cross-site tracking cookies or pixels
- Social media embeds that phone home
- Third-party analytics cookies
Changes & contact
If we ever add a cookie that isn't strictly necessary, we'll update this page and add a consent mechanism first. Questions? Email [email protected] or see our Privacy Policy.