Cookie Policy
Last updated: June 2, 2026
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work correctly, remember your preferences, and provide information to site owners.
PelagoPass also uses browser local storage (used by Supabase for session management) and the browser Geolocation API (with your consent). This policy covers all such technologies.
2. Cookies & Local Storage We Use
The table below lists every cookie and local storage key set by PelagoPass or its infrastructure partners.
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
| sb-access-token | Supabase | Stores your authentication session so you stay logged in. | 1 hour | Essential |
| sb-refresh-token | Supabase | Refreshes your authentication session automatically. | 60 days | Essential |
| __stripe_mid | Stripe | Fraud prevention and payment security. | 1 year | Essential |
| __stripe_sid | Stripe | Fraud prevention during checkout sessions. | 30 minutes | Essential |
| _vercel_no_cache | Vercel | Prevents caching of authenticated pages at the CDN edge. | Session | Essential |
| pp_consent | PelagoPass | Stores your cookie preferences (essential / location) so we don't ask again. | 1 year | Essential |
3. Essential Cookies
Essential cookies and local storage entries are required for the service to function — keeping you logged in, securing payments, and remembering your consent choices. Under UK and EU law these do not require prior consent, though we are obliged to inform you about them.
4. Optional — Scan Location Analytics
When someone views one of your digital Cards, we can record their approximate GPS location (latitude and longitude as reported by their browser) and surface it in your analytics dashboard. This is entirely optional and requires two layers of consent:
- The card viewer must enable "Scan location analytics" in the cookie banner shown when they visit your Card page.
- Their browser must grant location permission when prompted by the Geolocation API.
If either consent is withheld the scan is still recorded, but no location data is stored. Location data is stored as raw coordinates in our Supabase database and is only visible to the card owner in their analytics dashboard. We do not share it with third parties.
You can withdraw location consent at any time by clearing the pp_consentkey from your browser's local storage, or by revoking location permission in your browser settings.
5. Your Consent Choices
On your first visit to PelagoPass you will see a cookie banner with two options:
- Accept all — enables essential cookies and location analytics.
- Manage — opens a preference panel where you can toggle location analytics independently.
Your choices are saved in the pp_consentlocal storage key. To change your preferences, clear that key in your browser's developer tools (Application → Local Storage) and reload the page — the banner will reappear.
6. Local Storage
Supabase stores your session tokens in browser local storage in addition to cookies. Local storage is not transmitted to servers on every request (unlike cookies), but it is accessible to JavaScript running on our domain. We use it solely for authentication and consent preference purposes.
7. How to Control Cookies
You can control or delete cookies through your browser settings. Note that disabling essential cookies will prevent PelagoPass from functioning correctly — you will not be able to log in.
Browser guidance:
8. Changes to This Policy
We may update this cookie policy as the service evolves. The "Last updated" date at the top of this page will reflect the latest revision. If we introduce new optional data collection categories, we will update our consent version so the banner reappears and you can review the new choices.
9. Contact
Questions about our use of cookies? Email us at support@pelagopass.com.