There is one cookie. It keeps you signed in. That's it.
Plain language
We use a session cookie so you stay signed in across pages. We don't run advertising trackers. We don't sell your data. We don't inject third-party pixels. If a sub-processor (Sentry, Supabase) sets a cookie, it's listed below and it's only there to make the platform work.
Name: sb-access-token (and sb-refresh-token).
Purpose: keep you signed in. Without it, you'd have to log in on every page load. The cookies are HTTPOnly and Secure (the browser cannot read them via JavaScript, they only travel over HTTPS).
Lifespan: the access token expires hourly; the refresh token expires after prolonged inactivity. Both are cleared when you sign out.
Name: yess_lang, yess_theme.
Purpose: remember your chosen language (EN / FR / AR) and theme (light / dark) across visits. Without them, every visit resets your preferences.
Lifespan: 365 days. Cleared on demand via your profile settings.
When you use the dashboard, the auth flow may briefly set cookies from Supabase (our managed-database provider) to coordinate sign-in across tabs. Cloudinary does not set cookies in the upload flow we use. Sentry, when active, sets a short-lived session cookie for error replay — strictly to attach the error to the same session, not to track you across sites.
You can disable cookies in your browser settings. The platform won't work signed-in (no way to stay logged in across pages without a session cookie), but the public marketing site will still render. We don't have a "manage cookies" modal because there are no advertising cookies to opt out of.
Questions? Contact ENFURISED.