Legal
Cookie Policy
Last updated: 9 February 2026
1. What are cookies?
Cookies are small text files that are placed on your device (computer, tablet, or phone) when you visit a website. They are widely used to make websites work, improve their performance, and provide information to the website owner. Similar technologies include local storage and session storage, which work in a comparable way.
2. How we use cookies
We take a minimal approach to cookies. We do not use any analytics, advertising, or tracking cookies. The only cookies and browser storage technologies on our website are strictly necessary for the site to function or are set by third-party services that help us operate securely.
3. Cookies and storage we use
The table below lists every cookie and browser storage item used on our website:
| Name | Type | Purpose | Duration | Set by |
|---|---|---|---|---|
sb-*-auth-token | Strictly necessary | Stores your authentication session so you remain logged in as you navigate between pages. Without this cookie, you would need to log in on every page. | Session (cleared on logout or browser close) | Supabase |
sb-*-auth-token-code-verifier | Strictly necessary | Used during the authentication process to securely verify your login. This is a security measure that protects against certain types of attack. | Session | Supabase |
theme | Functional (local storage) | Remembers your preferred colour theme (light or dark mode) so it persists between visits. This is stored in your browser's local storage, not as a cookie. | Until you clear your browser data | Zelly |
cf_clearance | Strictly necessary | Set by Cloudflare Turnstile after you complete an anti-bot challenge (e.g. when submitting a form). It records that you have been verified as a real person so you are not challenged repeatedly. | Up to 30 minutes | Cloudflare |
The * in the Supabase cookie names represents your project identifier, which varies by installation.
4. Cookies we do not use
To be clear, we do not use:
- Analytics cookies - We do not use Google Analytics, Mixpanel, or any other analytics service
- Advertising or tracking cookies - We do not run ads or track you across other websites
- Social media cookies - We do not embed social media widgets that set their own cookies
5. Third-party cookies
The only third-party services that may set cookies on our website are:
- Supabase - For authentication. See Supabase's privacy policy.
- Cloudflare - For anti-bot protection (Turnstile). See Cloudflare's privacy policy.
- Stripe - When you make a payment, Stripe may set cookies as part of its fraud detection. These are only present on payment pages. See Stripe's privacy policy.
We do not control the cookies set by these third parties. Please refer to their respective privacy policies for more information.
6. Managing cookies
Because we only use strictly necessary cookies, we do not display a cookie consent banner. Under the Privacy and Electronic Communications Regulations 2003 (PECR), strictly necessary cookies are exempt from the consent requirement.
You can still manage or delete cookies through your browser settings. Please note that if you block or delete our authentication cookies, you will not be able to stay logged in to your account. Below are links to cookie management instructions for common browsers:
7. Do Not Track
Some browsers send a “Do Not Track” (DNT) signal to websites. Since we do not use any tracking or analytics cookies, our website naturally respects this preference - there is nothing to disable.
8. Changes to this policy
We may update this cookie policy from time to time. When we make changes, we will update the “last updated” date at the top of this page. If we begin using any new categories of cookies (such as analytics), we will update this policy and implement appropriate consent mechanisms before doing so.
9. Contact us
If you have any questions about our use of cookies, please contact us at privacy@zelly.studio. For more information about how we handle your personal data, see our Privacy Notice.