Cookie & Similar Technologies Policy

Last updated: 9/30/2025

This Cookie & Similar Technologies Policy explains how OptiConvert (“OptiConvert,” “we,” “us”) uses cookies, localStorage, and related technologies on opticonvert.ai (the “Service”). The Service is marketed to users in the United States.

What are cookies and similar technologies?

Cookies are small text files placed on your device by a website. They are widely used to make websites work, to keep you signed in, to remember preferences, and to help site owners understand how their services are used. We also use related technologies such as localStorage and SDKs. For simplicity, we refer to all of these as “cookies.”

How we use cookies

• Strictly necessary: required to operate core features such as authentication, session management, CSRF protection, and security. Without these, the Service won’t function properly.
• Functional: improve your experience (for example, assisting with sign‑up verification flows and preferences like language or theme).
• Analytics: help us understand usage and improve the Service (e.g., Google Analytics, Supabase Analytics).
• Payments: enable secure checkout and fraud prevention when interacting with Stripe’s hosted pages/portal.

Cookies we may set or read

Names and durations can vary by browser/session and provider updates. The examples below reflect our current implementation.

A) Strictly necessary

• csrfToken — helps protect forms and requests from CSRF attacks. Session/short‑lived.
• Supabase auth cookies: sb-fdfrhojltqqbopizxsue-auth-token, sb-fdfrhojltqqbopizxsue-auth-token-code-verifier — keep you signed in and complete secure PKCE flows. Duration and flags per Supabase defaults.
• Stripe essential cookies (set on Stripe domains during Checkout / Customer Portal), e.g. __stripe_mid, __stripe_sid — device/session identifiers used for fraud prevention and payment flows. Session–2 years (typical).

B) Functional

• pendingVerificationEmail — assists with sign‑up email verification UX. Short‑lived.
• Preference cookies (if enabled) for items like language or theme. Lifetimes vary.

C) Analytics

• Google Analytics cookies, e.g. _ga, _ga_*, _gid, _gcl_au — used to measure usage and performance. ~24 hours to 2 years (typical).
• Supabase Analytics — infrastructure/app analytics. These are primarily server‑side metrics and may not rely on client cookies.

LocalStorage and similar

We use localStorage to persist non‑essential UI state, such as “task completion” flags for your audit recommendations. This data remains in your browser and can be cleared via your browser settings.

Your choices

• Browser controls: you can block or delete cookies via your browser settings. Blocking strictly necessary cookies may break core functionality.
• Consent banner (if presented): where provided, you can enable/disable non‑essential categories from the banner or preferences center.
• Google Analytics opt‑out: Google offers a browser add‑on to opt out of Analytics measurement.
• Do Not Track: the Service does not currently respond to browser “Do Not Track” signals due to a lack of industry consensus.

Changes to this notice

We may update this notice as our Service and vendors evolve. We will update the “Last updated” date above and may provide additional notice for material changes.

Contact

Questions? Contact hello@opticonvert.ai.