Cookie & Similar Technologies Policy

Last updated: 3/8/2026

This Cookie & Similar Technologies Policy explains how OptiConvert (“OptiConvert,” “we,” “us”) uses cookies, sessionStorage, and related technologies on opticonvert.ai (the “Service”). The Service is marketed to users in the United States.

What are cookies and similar technologies?

Cookies are small text files placed on your device by a website. They are widely used to make websites work, to keep you signed in, to remember preferences, and to help site owners understand how their services are used. We also use related technologies such as sessionStorage and SDKs. For simplicity, we refer to all of these as “cookies.”

How we use cookies

• Strictly necessary: required to operate core features such as authentication, session management, CSRF protection, and security. Without these, the Service won’t function properly.
• Functional: improve your experience (for example, assisting with sign‑up verification flows and preferences like language or theme).
• Analytics: help us understand usage and improve the Service through our first‑party analytics system stored in Supabase. We do not use Google Analytics or any third‑party analytics SDK.
• Payments: enable secure checkout and fraud prevention when interacting with Stripe’s hosted pages/portal.

Cookies we may set or read

Names and durations can vary by browser/session and provider updates. The examples below reflect our current implementation.

A) Strictly necessary

• csrfToken — helps protect forms and requests from CSRF attacks. Session/short‑lived.
• Supabase auth cookies: sb-fdfrhojltqqbopizxsue-auth-token, sb-fdfrhojltqqbopizxsue-auth-token-code-verifier — keep you signed in and complete secure PKCE flows. Duration and flags per Supabase defaults.
• Stripe essential cookies (set on Stripe domains during Checkout / Customer Portal), e.g. __stripe_mid, __stripe_sid — device/session identifiers used for fraud prevention and payment flows. Session–2 years (typical).

B) Functional

• Preference cookies (if enabled) for items like language or theme. Lifetimes vary.

C) Analytics

Our first‑party analytics system does not set cookies. Instead, a random session identifier is stored in sessionStorage under the key oc_session_id (a random UUID, cleared automatically when you close the browser tab). Each event includes: browser type, device type, viewport size, referrer URL, page URL, and user agent. All analytics data is stored in Supabase. We do not capture IP addresses and we do not derive geolocation from analytics events.

SessionStorage

We use sessionStorage to store a random session identifier (oc_session_id). This value is a randomly generated UUID used solely to group analytics events within a single browser tab session. It is not a cookie, is not shared with third parties, and is cleared automatically when you close the browser tab.

Your choices

• Browser controls: you can block or delete cookies via your browser settings. Blocking strictly necessary cookies may break core functionality.
• Consent banner (if presented): where provided, you can enable/disable non‑essential categories from the banner or preferences center.
• Do Not Track / Global Privacy Control: the Service does not currently respond to browser “Do Not Track” signals due to a lack of industry consensus. We acknowledge Global Privacy Control (GPC) as a valid opt‑out signal under applicable state privacy laws. OptiConvert does not sell or share personal data for cross‑context behavioral advertising, so GPC does not functionally change our processing.

Changes to this notice

We may update this notice as our Service and vendors evolve. We will update the “Last updated” date above and may provide additional notice for material changes.

Contact

Questions? Contact hello@opticonvert.ai.