Cookie Policy
This Cookie Policy explains how Georion uses cookies and similar technologies on georion.app. It supplements our Privacy Policy and aligns with the GDPR, ePrivacy Directive, and Swiss FADP requirements.
1. What are cookies?
Cookies are small text files stored on your device when you visit a website. They help the site remember information about your visit (like your preferences and login state), making the experience smoother and allowing the service to function correctly. "Cookies" in this policy also refers to related technologies like localStorage, sessionStorage, and IndexedDB.
2. Why we use cookies
Georion uses cookies to:
- Keep you logged in across sessions
- Remember your preferences (theme, locale, dashboard layout)
- Secure your session against CSRF and replay attacks
- Measure aggregate product usage (consented analytics only)
- Protect against spam, abuse, and fraud
We do not use cookies for cross-site advertising or retargeting.
3. Types we use
- Strictly necessary: required for the Service to work. Cannot be disabled.
- Functional: remember your preferences to improve UX. Opt-in.
- Analytics: help us understand product usage in aggregate. Opt-in only.
- Marketing: we do not use marketing cookies.
4. Full cookie list
Complete list of cookies set by Georion and their purposes:
| Name | Purpose | Type | Duration | Provider |
|---|---|---|---|---|
| sb-access-token | User authentication | Strictly necessary | 1 hour (auto-renew) | Georion (Supabase) |
| sb-refresh-token | Refresh authentication session | Strictly necessary | 30 days | Georion (Supabase) |
| georion-org | Currently active organization / workspace | Strictly necessary | Session | Georion |
| csrf-token | CSRF protection for forms & mutations | Strictly necessary | Session | Georion |
| cookie-consent | Stores your cookie consent choice | Strictly necessary | 12 months | Georion |
| theme | Light / dark mode preference | Functional | 12 months | Georion (localStorage) |
| locale | Language preference | Functional | 12 months | Georion (localStorage) |
| dashboard-layout | Dashboard widget arrangement | Functional | 12 months | Georion (localStorage) |
| __cf_bm | Bot management (Cloudflare) | Strictly necessary | 30 minutes | Cloudflare |
| cf_clearance | Challenge verification (Cloudflare) | Strictly necessary | 12 hours | Cloudflare |
| __stripe_mid | Fraud prevention for payments | Strictly necessary | 12 months | Stripe (checkout only) |
| __stripe_sid | Fraud prevention session | Strictly necessary | 30 minutes | Stripe (checkout only) |
| plausible-visit | Anonymous visit counter | Analytics (opt-in) | 30 minutes | Plausible (self-hosted) |
5. Third-party cookies
Some cookies are set by our subprocessors to provide core Service functionality:
- Cloudflare: bot detection and CDN functionality. Essential for security — cannot be disabled while using the Service.
- Stripe: fraud detection for payments. Set only on the checkout page, not on general site browsing.
- Plausible Analytics: self-hosted, cookieless-first. Our Plausible instance is EU-hosted and does not set tracking cookies by default; the plausible-visit cookie only activates if analytics consent is granted.
We do not use Google Analytics, Facebook Pixel, LinkedIn Insight Tag, or any advertising network pixels.
6. Analytics approach
We believe analytics should respect user privacy. Our approach:
- Self-hosted Plausible in the EU — no data leaves our infrastructure
- No personal identifiers tracked; all events aggregated
- No cross-site tracking, no fingerprinting
- Compliant with GDPR, ePrivacy, and Swiss FADP without requiring consent — but we ask anyway, because you deserve the choice
7. How to manage cookies
7.1 On Georion
The first time you visit, we show a cookie banner with three options:
- Accept all: enables all cookie types
- Reject non-essential: only strictly necessary cookies are set
- Customize: fine-grained toggle per category
Change your preferences anytime via the "Cookie preferences" link in the footer, or by clearing the cookie-consent cookie and reloading.
7.2 In your browser
All major browsers let you block, delete, or manage cookies at the browser level. Note that blocking strictly necessary cookies will break core Service functionality (login will not work).
8. Do Not Track (DNT) & Global Privacy Control (GPC)
We honor Global Privacy Control (GPC) signals automatically — if your browser sends GPC, we treat it as a valid opt-out of non-essential cookies without requiring a banner interaction.
We do not currently respond to the older Do Not Track (DNT) header, as the signal has been deprecated by most browsers. GPC is the modern equivalent we support.
9. Changes to this policy
We may update this Cookie Policy. Material changes take effect 30 days after notification. Minor changes (new necessary cookies required for security, typo corrections) take effect immediately. The "Last updated" date at the top of this page always reflects the current version.
10. Contact
For questions about cookies or tracking:
Email: privacy@georion.app
Privacy Policy: georion.app/privacy