Cookie Policy
This policy explains how CodeSec uses cookies and similar technologies when you visit our website or use our platform.
Version: 1.0
Last Updated: May 30, 2026
Effective: Immediately
What Are Cookies
Cookies are small text files stored on your device by your browser when you visit a website. They enable websites to remember your preferences, keep you logged in, and understand how you use the service.
We also use similar technologies like local storage and session storage for authentication state management. This policy covers all such technologies.
Essential Cookies
These cookies are strictly necessary for the Service to function. They cannot be disabled without breaking core functionality.
| Cookie | Purpose | Duration |
|---|---|---|
| sb-* | Supabase authentication session | Session / 1 year |
| codesec-session | User session state | Session |
| csrf-token | Cross-site request forgery protection | Session |
Authentication Cookies
When you sign in to CodeSec, Supabase sets authentication cookies to maintain your session. These include:
- Access token: Short-lived token (1 hour) for authenticated API requests
- Refresh token: Long-lived token (1 year) to generate new access tokens
- User metadata: Non-sensitive profile information for the UI
These cookies are essential and cannot be disabled while you are signed in. Signing out clears all authentication cookies.
Analytics Cookies
We use optional analytics cookies to understand how users interact with CodeSec and improve the product. These cookies are set only with your consent.
Vercel Analytics
Collects anonymized, privacy-friendly page view data. No personal identifiers are stored. Data is aggregated and cannot be traced back to individuals.
PostHog (optional)
If enabled, collects feature usage events, session recordings (with sensitive data masked), and funnel analytics. Data is stored on PostHog EU infrastructure. You can opt out at any time.
You can disable analytics cookies in your account settings under Settings → Privacy → Analytics.
Preference Cookies
We store user preferences in local storage to improve your experience:
- Dashboard layout preferences (collapsed sidebar, table column widths)
- Scan configuration presets
- Notification preferences
- Dismissed banners and onboarding state
These are stored locally in your browser and are not transmitted to our servers. Clearing your browser storage removes these preferences.
Third-Party Cookies
Third-party services we use may set their own cookies:
- Dodo Payments: Payment form cookies for PCI-DSS compliant checkout
- OAuth providers (GitHub, Google): Authentication cookies set during the login flow
- Vercel: Infrastructure performance cookies
We do not have control over third-party cookies. Please review the respective privacy policies of these providers.
Managing Your Cookies
Browser settings
You can control cookies through your browser settings. Most browsers allow you to:
- View and delete individual cookies
- Block all cookies or cookies from specific sites
- Clear cookies when you close the browser
- Enable private/incognito browsing to prevent cookie persistence
Impact of disabling cookies
Disabling essential cookies will prevent you from signing in to CodeSec. Disabling analytics cookies reduces our ability to improve the product but does not affect functionality.
Do Not Track
We respect the Do Not Track browser signal. When DNT is enabled, we disable all non-essential analytics tracking.
Changes to This Policy
We may update this Cookie Policy as we add or change the technologies we use. We will notify you of material changes via email or an in-app banner.
Questions about our use of cookies? We're happy to explain.
[email protected]