COOKIES
Cookie Policy
Last updated: November 22, 2025
This Cookie Policy explains how SCAFFOLD (“we,” “our,” or “us”) uses cookies and similar technologies when you visit our website and use our services.
By using SCAFFOLD, you consent to the use of cookies as described in this policy.
1. What Are Cookies?
Cookies are small text files stored on your device (computer, tablet, or mobile) when you visit a website. They help websites:
- → Remember your preferences and settings
- → Keep you signed in
- → Understand how you use the site
- → Improve your experience
Note: We use the term “cookies” to refer to cookies and similar technologies like local storage, session storage, and web beacons.
2. Types of Cookies We Use
2.1 Essential Cookies (Required)
These cookies are necessary for the website to function and cannot be disabled.
AUTHENTICATION COOKIES
- Purpose: Keep you signed in
- Provider: Supabase Auth
- Duration: Session or 30 days (if “Remember Me” selected)
- Example:
sb-access-token
SECURITY COOKIES
- Purpose: CSRF protection, secure form submissions
- Duration: Session
- Example:
csrf-token
SESSION MANAGEMENT
- Purpose: Maintain application state
- Duration: Session (deleted when browser closes)
2.2 Functional Cookies (Optional)
These cookies enhance functionality and personalization. You can disable them in your browser.
PREFERENCES
- Purpose: Remember your settings (theme, language, layout)
- Duration: 1 year
- Example:
user-preferences
UI STATE
- Purpose: Remember panel sizes, sidebar state, workspace layout
- Duration: 6 months
2.3 Analytics Cookies (Optional)
These cookies help us understand how you use our platform to improve it.
POSTHOG ANALYTICS
- Purpose: Track page views, feature usage, performance
- Provider: PostHog (self-hosted analytics)
- Duration: 1 year
- Data collected: Anonymized user ID, page views, clicks, feature usage
- Example:
ph_*
WHAT WE TRACK
- ✓ Pages visited and time spent
- ✓ Features used (e.g., project creation, spec locking)
- ✓ Button clicks and interactions
- ✓ Error messages and performance metrics
WHAT WE DON’T TRACK
- ✗ Your project content or specifications
- ✗ Personal information beyond anonymous user ID
- ✗ Activity across other websites
2.4 Third-Party Cookies
Third-party services we use may set their own cookies:
STRIPE (PAYMENT PROCESSING)
- Purpose: Fraud detection, secure checkout
- Set when: You visit billing pages or checkout
- Privacy Policy: stripe.com/privacy
VERCEL ANALYTICS
- Purpose: Performance monitoring, web vitals
- Data: Anonymized page load metrics
- Privacy Policy: vercel.com/legal/privacy-policy
3. Cookie Duration
Cookies have different lifespans:
SESSION COOKIES
Deleted when you close your browser
PERSISTENT COOKIES
Remain until expiration date or manual deletion
- → Authentication: Up to 30 days
- → Preferences: Up to 1 year
- → Analytics: Up to 1 year
4. Managing Cookies
4.1 Browser Settings
You can control cookies through your browser settings:
4.2 Analytics Opt-Out
You can opt out of analytics tracking:
- → Use browser Do Not Track (DNT) settings
- → Block third-party cookies in browser settings
- → Use privacy-focused browser extensions
4.3 Impact of Disabling Cookies
Warning: Disabling essential cookies will prevent you from signing in and using SCAFFOLD. Disabling functional cookies may result in a degraded experience (e.g., having to re-set preferences on each visit).
5. Do Not Track (DNT)
We respect the Do Not Track browser setting. When DNT is enabled:
- ✓ Analytics cookies are not set
- ✓ Tracking scripts are not loaded
- ✓ Essential and functional cookies still work (required for the service)
6. Updates to This Policy
We may update this Cookie Policy from time to time. Changes will be reflected with a new “Last Updated” date. Significant changes will be communicated via:
- → Email notification
- → Banner on the website
- → Update in our Changelog
7. Questions About Cookies?
If you have questions about our use of cookies:
PRIVACY POLICY
Full Privacy Policy8. Cookie Summary Table
| CATEGORY | PURPOSE | REQUIRED | DURATION |
|---|---|---|---|
| Essential | Authentication, security, session | ✓ Yes | Session - 30 days |
| Functional | Preferences, UI state | ✗ No | 6 months - 1 year |
| Analytics | Usage tracking, performance | ✗ No | 1 year |
| Third-Party | Stripe, Vercel (varies) | Varies | Varies |
RELATED POLICIES