Cookie Policy
Last updated: June 29, 2026
In short:
We use cookies to keep you signed in, remember your language, measure how the site is performing, and (only with your consent) help us improve the Service. You can manage your preferences anytime in your browser settings, and where required by law we will show a consent prompt.
1. What Cookies Are
Cookies are small text files placed on your device when you visit a website. Similar technologies include local storage, session storage, pixel tags, and SDKs. In this policy we use “cookies” to refer to all of these.
2. The Categories We Use
2.1 Strictly Necessary
Required for the Service to function. These cannot be disabled. They do not track you across other sites.
- Authentication session (Supabase Auth): keeps you signed in. Expires when you log out or after extended inactivity.
- Locale preference (next-intl): remembers whether you chose English or Hebrew. Up to 1 year.
- Anti-CSRF token: protects forms from cross-site request forgery. Session only.
- Cart/upload session: preserves a pending upload across page loads. Session or short-lived.
2.2 Functional
Improve your experience but are not essential. We use these to remember non-critical preferences.
- UI preferences: remembers things like whether you dismissed a tip. Up to 1 year.
2.3 Analytics
Help us understand how the Service is used, so we can improve it. Aggregated and pseudonymous. In jurisdictions where required, we ask for your consent before these are set.
- PostHog (if enabled): page views, clicks, conversion funnel data. We do not capture form field values or uploaded images. Cookies up to 1 year. Vendor: PostHog Inc. — US/EU.
- Vercel Analytics (if enabled): aggregate visitor metrics. Server-side, no client cookie set. Vendor: Vercel Inc. — US.
- Sentry session replay (if enabled): anonymized error context. Cookies are session-only. Vendor: Functional Software, Inc. d/b/a Sentry — US.
2.4 Marketing
We currently do not use third-party advertising cookies, retargeting pixels, or social-media tracking pixels.
If we add any of these in the future, we will update this Cookie Policy, require your opt-in consent where required by law, and surface them in a consent banner.
3. How to Manage Cookies
You have several options:
- In-product consent prompt (where applicable): if your jurisdiction requires opt-in for non-essential cookies, we surface a banner allowing you to accept or reject categories. You can re-open the preferences from your account settings (when available) or by clearing cookies and revisiting the site.
- Browser settings: all major browsers let you view, manage, and delete cookies. Look for “Cookies and site permissions” or “Privacy” in your browser settings. Some browsers also support a “Do Not Track” signal and the Global Privacy Control (GPC) signal — we honor GPC for users in jurisdictions where it has legal effect.
- Device settings: on mobile devices, you can also reset advertising identifiers in your OS settings.
Blocking strictly necessary cookies will disable parts of the Service (you won’t be able to sign in or place orders). Blocking analytics cookies has no effect on your access to features.
4. Do Not Track & Global Privacy Control
Browser “Do Not Track” signals are not consistently interpreted across the industry. We honor the Global Privacy Control (GPC) signal as an opt-out request from sharing/selling personal information for users in jurisdictions where the law gives GPC legal effect (currently California under CPRA and Colorado under CPA, among others).
5. Changes to This Cookie Policy
We may update this Cookie Policy from time to time. When we make material changes, we’ll update the “Last updated” date and, where required, re-prompt for consent. A change log is maintained in docs/legal/CHANGELOG.md.
6. Contact
Questions about cookies: office@doodletoyz.com.