Cookies
What lives in your browser — and why.
Last updated 2026-04-24
Sutrace runs a small number of first-party cookies and localStorage entries. We do not use third-party ad trackers, session-replay tools, or analytics that identify individuals. Consent for non-strictly-necessary items is handled by the banner you saw on first visit — you can re-open it any time from the footer to change your answer.
Categories we use
- Strictly necessary — login, anti-abuse, and remembering your cookie choice. These do not require consent under EU ePrivacy / GDPR.
- Preferences — your theme choice. Set only after you interact with the theme toggle.
- Analytics — we currently run none by default. If we add one in the future it will be consent-gated.
The exact list
| Name | Domain | Purpose | Duration | Category |
|---|---|---|---|---|
| sutrace.theme.v1 | sutrace.io / *.sutrace.io | Remembers your chosen theme (light, dark, or system). | Persistent (until cleared). | prefs |
| sutrace.consent.v1 | sutrace.io | Records your cookie / tracking choice so we don’t ask again. | 13 months. | strict |
| Firebase Auth (__session equivalent) | app.sutrace.io · admin.sutrace.io | Keeps you signed into the dashboard. | 60 minutes rolling. | strict |
| Firestore / App Check tokens | app.sutrace.io · admin.sutrace.io | Verifies the browser is a real browser (anti-abuse). | 1 hour rolling. | strict |
Do Not Track / Global Privacy Control
We honor the Global Privacy Control signal. Browsers that send GPC are treated as having declined non-strict cookies and any future analytics.
Changing your mind
Clear your browser data, or re-open the banner from the footer link “Cookie choices.” Deleting sutrace.consent.v1 will cause the banner to show again on your next visit.
Related policies
For what data we process inside the product itself, see the Privacy Policy. For processor / sub-processor commitments, see the Subprocessors page.