Cookie Policy
Last Updated: 19th June 2025
1. Introduction
This Cookie Policy explains how Orbit ("we," "our," or "us") uses cookies and similar tracking technologies when you use our web application at [your-domain.com] (the "Service"). This policy should be read alongside our Privacy Policy and Terms of Service.
2. What Are Cookies?
Cookies are small text files that are stored on your device (computer, tablet, or mobile phone) when you visit our website. They help us provide you with a better experience by remembering your preferences and enabling certain functionalities.
3. How We Use Cookies
We use cookies and similar technologies for the following purposes:
- Authentication: To keep you logged in and manage your session
- Preferences: To remember your settings and preferences
- Security: To protect against fraud and unauthorized access
- Performance: To analyze how our service is used and improve functionality
- Error Tracking: To identify and fix technical issues
4. Types of Cookies We Use
Essential Cookies
These cookies are necessary for the website to function properly and cannot be disabled.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| sb-[project-ref]-auth-token | Supabase authentication session token | Session/1 hour | First-party |
| sidebar:state | Remembers sidebar collapsed/expanded state | 1 year | First-party |
| auth_recaptcha_state | Manages reCAPTCHA state for failed login attempts | 15 minutes | First-party |
| edge_function_rate_limits | Rate limiting for API calls and security | Variable | First-party |
Functional Cookies
These cookies enhance your experience by remembering your preferences and settings.
| Storage Type | Data Stored | Purpose | Duration |
|---|---|---|---|
| Local Storage | Recording metadata and audio data | Offline recording functionality and sync | Until manually cleared |
| Session Storage | Navigation state, signup flow state | Managing user flow and preventing redirect loops | Session only |
| IndexedDB | Audio recordings, upload queue, metadata | Storing large files and managing upload queues | Until manually cleared |
Third-Party Cookies
These cookies are set by third-party services we use to provide our functionality.
| Service | Purpose | Privacy Policy |
|---|---|---|
| Supabase | Authentication, database, and backend services | Supabase Privacy Policy |
| Stripe | Payment processing and subscription management | Stripe Privacy Policy |
| Google reCAPTCHA | Fraud prevention and bot protection | Google Privacy Policy |
| AssemblyAI | Audio transcription services | AssemblyAI Privacy Policy |
5. Performance and Analytics
We collect performance data and error analytics to improve our service. This includes:
- Error tracking and performance monitoring
- User interaction patterns (anonymized)
- Feature usage statistics
- Upload and processing performance metrics
This data is used solely for improving our service and is not shared with third parties for marketing purposes.
6. Cookie Duration
We use both session and persistent cookies:
- Session Cookies: Deleted when you close your browser
- Persistent Cookies: Remain on your device for a specified period or until manually deleted
7. Managing Your Cookie Preferences
Browser Settings
You can control cookies through your browser settings:
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Cookies and site data
Important Note
Disabling essential cookies may prevent you from using certain features of our service, including authentication and core functionality.
8. Data Retention
We retain cookie and local storage data for the following periods:
- Authentication cookies: Until logout or expiration (typically 1 hour)
- Preference cookies: Up to 1 year
- Local recordings: Until manually deleted or cleaned up by retention policy
- Session data: Until browser session ends
9. Security Measures
We implement several security measures regarding cookies and local storage:
- Secure transmission of authentication cookies over HTTPS
- Regular cleanup of expired session data
- Rate limiting to prevent abuse
- Encryption of sensitive data stored locally
10. Updates to This Policy
We may update this Cookie Policy from time to time. When we make significant changes, we will notify you by:
- Updating the "Last Updated" date at the top of this policy
- Providing notice through our service or via email
- For material changes, we may require your consent
11. International Transfers
Our service providers (Supabase, Stripe, Google, AssemblyAI) may process your data in various countries. We ensure that appropriate safeguards are in place for international data transfers in compliance with applicable privacy laws.
12. Your Rights
Depending on your location, you may have certain rights regarding cookies and your personal data:
- Right to be informed about our cookie practices
- Right to refuse non-essential cookies
- Right to withdraw consent for cookie use
- Right to access and delete your personal data
13. Contact Us
If you have any questions about this Cookie Policy or our privacy practices, please contact us.
For EU residents: If you have concerns about our data practices, you also have the right to contact your local data protection authority.
This policy is part of our commitment to transparency and your privacy.
Related Documents:
Technical Implementation Details
Cookie Storage Mechanisms
Our application uses several storage mechanisms for different purposes:
Browser Cookies
- Authentication: Supabase auth tokens for session management
- Preferences: UI state like sidebar collapse/expand
- Security: reCAPTCHA state for fraud prevention
Data Flow
- Authentication Flow: Supabase handles authentication cookies automatically
- Recording Flow: Audio data stored in IndexedDB, and SQL Lite, metadata in localStorage
- Preference Flow: UI settings stored in localStorage with expiration
- Security Flow: Rate limiting and reCAPTCHA state managed in localStorage
Cleanup Policies
The application implements automatic cleanup for:
- Expired authentication tokens
- Old recording data (configurable retention period)
- Uploaded recordings (to save local storage space)
- Rate limiting data (automatic expiration)
Privacy Considerations
- All authentication cookies are transmitted over HTTPS only
- Local storage data is encrypted where sensitive
- No personal data is stored in cookies beyond session tokens
- Third-party cookies are limited to essential services only