Cookie Policy
What cookies we set, what they do, and how to control them.
Effective May 19, 2026 · Last updated May 19, 2026
1. What are cookies?
Cookies are small text files stored on your device by your browser. We also use related technologies such as local storage and pixel tags; in this policy, “cookies” covers all of them.
2. Cookies we set
| Cookie / token | Category | Purpose | Duration | Provider |
|---|---|---|---|---|
| sb-access-token, sb-refresh-token | Strictly necessary | Authentication. Keeps you signed in to your account. | Session + 7 days (refresh) | Supabase Auth |
| __stripe_mid, __stripe_sid | Strictly necessary | Fraud prevention and PCI-compliant checkout when you visit the billing pages. | 1 year / 30 minutes | Stripe |
| csrf, next-auth.csrf-token | Strictly necessary | Cross-site request forgery protection on form submissions. | Session | ChartOfAccounts.ai |
| theme, ui-preferences | Functional | Remembers UI preferences (e.g., density, sidebar collapse). | 12 months | ChartOfAccounts.ai |
We do not use third-party advertising or cross-context behavioral-advertising cookies. We do not embed social-media trackers. If we add analytics cookies in the future (for example, to measure marketing-page performance), we will update this list and, where consent is required, prompt you before they are set.
3. How to control cookies
4. Do Not Track & Global Privacy Control
We do not respond to Do Not Track browser signals because no consistent industry standard exists. We honor Global Privacy Control (GPC) signals as a valid opt-out of any “sale” or “sharing” of personal information where applicable.
5. Changes
If we add or remove cookies in a way that meaningfully changes the information we collect, we will update this Cookie Policy and the “Last updated” date at the top.
6. Questions
Cookie questions: legal@chartofaccounts.ai.