Cookie Policy

These keep the app working. They cannot be turned off without breaking sign-in or session persistence.

• Supabase auth session (cookies set by Supabase, names beginning with sb-): keeps you signed in across page loads. Set after a successful sign-in. Cleared on sign-out or expiry.
• Locale preference (set by next-intl middleware): remembers whether you chose English or French so the URL routing works the same way next time.
• CSRF protection (token in the form action layer): standard server-action security; not used for tracking.

We use PostHog (when enabled) to understand which features are used and where the app is confusing. PostHog sets one cookie to assign you a pseudonymous ID. We do not link that ID to your email or other personal data inside PostHog.

You can opt out via your browser’s “Do Not Track” setting; we honor it. A consent banner offering an explicit toggle is being built; until then, DNT is the opt-out path.

We use Sentry to capture errors and crashes. Sentry uses a small amount of session storage to correlate error events; this isn’t a cookie in the technical sense. We’ve configured Sentry to scrub email addresses, IP addresses, and other personal identifiers before sending error reports.

Error tracking is essential to running a reliable app. We don’t offer an opt-out, but the data captured is minimal and never used for marketing.

The app keeps some data on your device using IndexedDB and localStorage:

• Offline mutation queue — when you make changes (rate a cigar, add to a humidor) while offline, they queue locally and sync when you’re back online.
• View preferences — small UI state like which list view you prefer.
• PWA install hint dismissal— if you dismiss the “install this app” prompt, we remember not to show it again.

Local storage is cleared when you clear your browser data or uninstall the PWA.

We do not embed third-party advertising networks, social tracking pixels, or analytics other than what’s listed above. When you click an affiliate link, the destination retailer may set its own cookies — those are governed by that retailer’s policy, not ours.

You can clear all cookies from your browser’s settings; doing so will sign you out and remove your preferences. You can also browse in incognito or private mode if you want to use the app without persistent cookies — sign-in won’t survive across sessions.

For analytics opt-out, set your browser’s “Do Not Track” flag. A dedicated consent UI is being built and will replace DNT once it lands.

If we add a new cookie or third-party SDK, we’ll update this page and bump the “last updated” date.

For details on what data we collect (vs. what cookies we set), see the Privacy Policy.