Cookie Policy
Last updated: January 2026
1. What Are Cookies?
Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work more efficiently, provide a better user experience, and give information to website owners.
We also use similar technologies such as web beacons, pixel tags, local storage, and session storage that serve similar purposes. This policy covers all these technologies.
2. How We Use Cookies
We use cookies and similar technologies for the following purposes:
2.1 Essential Cookies (Strictly Necessary)
These cookies are necessary for the Service to function and cannot be switched off in our systems. They are usually set in response to actions you take, such as:
- Authentication and maintaining your login session
- Security and fraud prevention (CSRF protection)
- Remembering your privacy preferences
- Load balancing and performance optimization
2.2 Functional Cookies
These cookies enable enhanced functionality and personalization:
- Remembering your login state between sessions
- Storing your workspace preferences and settings
- Maintaining your pattern editing session state
- Remembering language and region preferences
2.3 Analytics Cookies
These cookies help us understand how visitors interact with our Service:
- Page views and navigation patterns
- Feature usage statistics
- Error tracking and performance monitoring
- User experience improvements
We use Vercel Analytics for privacy-focused analytics. These services may set their own cookies. Analytics cookies are only set with your consent.
2.4 Marketing Cookies
Currently, we do not use marketing or advertising cookies. If this changes in the future, we will:
- Update this Cookie Policy
- Request your consent before setting such cookies
- Provide options to opt out
3. Cookies We Use
Below is a detailed list of the cookies we use:
| Cookie Name | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
| sb-*-auth-token | Supabase | User authentication session | Essential | Session |
| sb-*-auth-token-refresh | Supabase | Token refresh for persistent login | Essential | 7 days |
| cookie-consent | Bombajom | Stores your cookie consent preference | Essential | 1 year |
| __stripe_mid | Stripe | Fraud prevention during checkout | Essential | 1 year |
| __stripe_sid | Stripe | Fraud prevention session | Essential | 30 min |
| _vercel_insights | Vercel | Anonymous analytics | Analytics | Session |
| sentry-* | Sentry | Error tracking and session replay | Analytics | Session |
Note: Cookie names may include project-specific identifiers (indicated by *). Duration "Session" means the cookie is deleted when you close your browser.
4. Third-Party Cookies
We use the following third-party services that may set cookies:
4.1 Supabase
Used for authentication and database services. Sets cookies for session management and maintaining your logged-in state. For more information, see Supabase Privacy Policy.
4.2 Stripe
Used for payment processing. Sets cookies for fraud prevention, security, and maintaining checkout sessions. We only load Stripe when you interact with payment features. For more information, see Stripe Privacy Policy.
4.3 Vercel
Our hosting provider offers privacy-focused analytics that do not track individual users. For more information, see Vercel Privacy Policy.
4.4 Sentry
Used for error tracking and monitoring to help us identify and fix issues. For more information, see Sentry Privacy Policy.
5. Cookie Consent
In accordance with GDPR, UK GDPR, and ePrivacy Directive requirements, we obtain your consent before setting non-essential cookies. When you first visit our Service, you will see a cookie consent banner where you can:
- Accept All: Allow all cookies, including analytics and functional cookies
- Reject All: Only allow essential cookies required for the Service to function
- Customize: Choose exactly which categories of cookies you want to allow
Manage Your Cookie Preferences
You can change your cookie preferences at any time by clicking the button below:
How We Block Cookies Before Consent
We implement a strict consent-first approach to ensure GDPR and ePrivacy Directive compliance:
- Analytics scripts (Vercel Analytics, Google Analytics, Sentry) are only loaded after you explicitly consent to analytics cookies
- No tracking before consent: We do not set any tracking cookies or load any tracking scripts until you make an active choice
- Essential cookies only: If you reject non-essential cookies, only strictly necessary cookies (authentication, security) are used
- Granular control: You can enable or disable specific categories (functional, analytics) independently
6. Managing Cookies in Your Browser
6.1 Browser Settings
Most browsers allow you to control cookies through their settings. You can:
- Block all cookies
- Block third-party cookies only
- Delete existing cookies
- Set preferences for specific websites
- Enable "Do Not Track" signals
Note: Blocking essential cookies may prevent the Service from functioning properly. You may not be able to log in or use core features.
6.2 Browser-Specific Instructions
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Options → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Cookies and website data
- Edge: Settings → Cookies and site permissions → Cookies and site data
For more detailed instructions, visit AllAboutCookies.org.
7. Local Storage and Similar Technologies
In addition to cookies, we use browser local storage and session storage to:
- Store your pattern editing state temporarily
- Cache user preferences for faster loading
- Store your cookie consent preference
- Improve application performance
| Storage Key | Purpose | Type |
|---|---|---|
| cookie-consent | Stores your cookie preference | Local Storage |
| editor-state | Temporary pattern editing state | Session Storage |
| user-preferences | UI preferences (theme, units) | Local Storage |
You can clear local storage through your browser's developer tools (usually F12 → Application → Storage) or privacy settings.
8. Do Not Track Signals
Some browsers send "Do Not Track" (DNT) signals. There is currently no industry standard for responding to DNT signals. However, we respect your privacy choices:
- We only set analytics cookies with your explicit consent
- You can reject non-essential cookies through our consent banner
- We do not track users across third-party websites
9. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make changes:
- We will update the "Last updated" date at the top of this page
- For significant changes, we may notify you through the Service
- We encourage you to review this policy periodically
10. Contact Us
If you have questions about our use of cookies or this Cookie Policy, please contact us:
- Email: privacy@bombajom.com
- Data Protection Officer: dpo@bombajom.com