Legal · Cookies

Cookie Policy

Effective: 2026-05-25 Last updated: 2026-05-25 Version: 1.0

What cookies are

"Cookies" and similar technologies (localStorage, sessionStorage, IndexedDB) are small pieces of data your browser stores at our request. They let us remember things between page loads — for example, that you are signed in or that you prefer dark mode.

Hauly uses a minimal set of these technologies. We do not use advertising trackers, fingerprinting, or third-party analytics scripts.

Our categories

We group every cookie and storage item into one of four categories:

  • Essential — required for the site to function (e.g. sign-in session). No consent needed under ePrivacy Art. 5(3) strictly necessary exception.
  • Functional — remember your preferences (e.g. theme). Requires consent under EU rules unless they qualify as strictly necessary.
  • Analytics — measure how the site is used. Requires opt-in consent.
  • Marketing — used for targeted advertising. Requires opt-in consent.

At present, Hauly only uses essential and functional storage. The cookie banner is in place so that if we ever add analytics or marketing technologies, you will be asked first.

Full inventory

The complete list of cookies and browser storage items Hauly currently sets, by host:

Set by hauly.ai (first-party)

Name Type Category Purpose Duration
hauly:theme localStorage Functional Stores your theme preference (light / dark / system) so it persists across visits Until cleared
hauly:consent localStorage Essential Records your cookie consent choices and the timestamp/version of the policy you accepted 12 months

Set by supabase.co (authentication)

Name Type Category Purpose Duration
sb-<project>-auth-token localStorage Essential Stores your Supabase session (JWT + refresh token) so you remain signed in Until sign-out / 60 days
sb-<project>-auth-token-code-verifier localStorage Essential PKCE flow temporary verifier during sign-in Sign-in flow only

Third-party storage on hauly.ai

We do not embed third-party content that sets cookies on our pages — no social widgets, advertising networks, embedded video, or analytics pixels. The only external service that interacts with your browser is our authentication provider (Supabase), described above.

API calls to our backend (/api/chat) and to Supabase send your IP address as part of standard HTTP traffic; this is used for rate limiting and authentication, not for tracking. See the Privacy Policy for retention details.

Manage your choices

You have several ways to manage what Hauly stores in your browser:

1. The cookie banner

The first time you visit hauly.ai you are shown a banner with three options: Accept all, Reject non-essential, or Customise. Your choice is saved as hauly:consent and respected on every page load. You can change it at any time using the link below.

2. Your browser settings

Every major browser lets you block or delete cookies and clear localStorage. Note that disabling essential storage will sign you out and prevent the site from working.

3. Do Not Track

We honour the Sec-GPC (Global Privacy Control) header and DNT: 1 request header by treating them as a signal to reject non-essential categories unless you have explicitly accepted them.

Contact

Questions about cookies? Email {{DPO_EMAIL}}.