Cookie Policy
1. What Are Cookies
Cookies are small text files stored on your device when you visit a website. They serve various purposes including authentication, security, and remembering your preferences.
We also use localStorage, a browser storage mechanism similar to cookies but stored only on your device and never sent to our servers automatically.
2. Essential Cookies (Required)
These cookies are necessary for the platform to function. They cannot be disabled.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| sb-*-auth-token | Supabase | Authentication session — keeps you signed in | Session / 7 days |
| sb-*-auth-token-code-verifier | Supabase | PKCE authentication flow security | Session |
| ataraxia_consent | Ataraxia GRC | Remembers your cookie consent preference (“all” or “essential”) | 1 year |
3. Local Storage
We use browser localStorage (not cookies) for the following. This data never leaves your device unless you explicitly sign in and sync.
| Key | Purpose | Duration |
|---|---|---|
| ataraxia-assessment-* | Saves SPRS calculator progress (public calculator only) | Persistent |
| lead-gate-* | Tracks whether you’ve already seen the calculator email prompt | 30 days |
4. Functional Cookies
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| __stripe_mid, __stripe_sid | Stripe | Payment processing and fraud prevention (set on billing pages only) | Session / 1 year |
5. Analytics Cookies
We do not currently use any analytics or tracking cookies. We do not use Google Analytics, Vercel Analytics, or any similar service. If this changes, we will update this policy and request your consent.
6. Advertising Cookies
We do not use advertising or marketing cookies. We will never sell your data to advertisers.
7. Third-Party Services
Our platform uses the following third-party services that may set their own cookies:
- Supabase — Authentication and database services. Supabase Privacy Policy
- Stripe — Payment processing. Stripe Cookie Policy
- Vercel — Hosting and deployment. Vercel Privacy Policy
- Sentry — Error monitoring (no cookies; uses in-memory transport). Sentry Privacy Policy
8. Managing Cookies
Most web browsers allow you to control cookies through their settings. You can typically:
- View what cookies are stored
- Delete individual or all cookies
- Block cookies from specific or all sites
- Set preferences for certain types of cookies
Note that disabling essential cookies will prevent you from using the Ataraxia GRC platform, as they are required for authentication.
9. Your Rights
If you are in the European Economic Area (EEA), you have the right to:
- Know what cookies we use and why
- Refuse non-essential cookies (we currently use none)
- Delete cookies that have been set
For California residents, see our Privacy Policy for CCPA rights.
10. Changes to This Policy
We may update this cookie policy from time to time. Any changes will be posted on this page with an updated revision date.
11. Contact
If you have questions about our use of cookies, contact us at privacy@ataraxiagrc.com.
Ataraxia GRC, Inc.
Durango, Colorado
United States