Cookie Policy

Last updated:

This policy explains what cookies and similar technologies LitmusLayer uses on litmuslayer.com and in the LitmusLayer application, why we use them, and the choices you have. The short version: we use strictly necessary cookies only — nothing for advertising, analytics or cross-site tracking. This policy supplements our Privacy Policy.

1. What cookies and similar technologies are

Cookies are small text files a website stores on your device so it can recognise your browser — for example, to keep you signed in between page loads. Related technologies include browser local storage and session storage, which store data on your device in the same way but are not sent with every request. UK PECR, the EU ePrivacy Directive and equivalent rules treat all of these the same way, and so does this policy.

2. What LitmusLayer uses

Everything we store on your device exists for one purpose: keeping you securely signed in. Nothing is set until you sign in or begin signing in.

NameTypePurposeDuration
sb-<project>-auth-token (and numbered continuation parts)Cookie / local storageYour authentication session — proves to our servers that you are signed in. Set by our authentication provider (Supabase) when you sign inSession; refreshed while you remain active, removed on sign-out
sb-<project>-auth-token-code-verifierCookieA one-time cryptographic value used to complete a secure sign-in (PKCE). Exists only during the sign-in handshakeMinutes — deleted once sign-in completes

We do not use:

  • advertising or retargeting cookies;
  • third-party analytics scripts (no Google Analytics, no session recording);
  • social media pixels or embedded trackers;
  • fingerprinting or any other cross-site tracking technique.

Fonts are self-hosted and served from our own domain, so font loading sends no request to Google or any other third party.

3. Why there is no cookie banner

UK PECR (regulation 6) and the EU ePrivacy Directive require consent for cookies except those strictly necessary to provide a service you have explicitly requested. Signing in to your account is such a service, and the authentication cookies above are the only ones we set. Because we set nothing that requires consent, a consent banner would be noise — so we don't show one.

If we ever introduce cookies that need consent (for example, analytics), we will add a consent mechanism first and update this policy before anything is set.

4. Third-party cookies

If you choose to sign in with Google, Google sets its own cookies on google.com domains as part of its sign-in service, governed by Google's own privacy policy. That happens on Google's pages, not ours — we do not place Google cookies on litmuslayer.com, and we receive only your email address and basic profile from a completed sign-in.

5. How to control cookies

You can delete or block cookies at any time through your browser settings (usually under "Privacy" or "Site data"). Because our only cookies are authentication cookies, the effect of blocking or deleting them is simply that you will be signed out and unable to stay signed in — the public website works fine without any cookies at all.

Signing out removes your session data from your device, and you can do that from the account menu at any time.

6. Changes to this policy

If we change what we store on your device, we will update this page and its "Last updated" date first. A change that introduces non-essential cookies would also introduce a consent mechanism before taking effect.

7. Contact

Questions about this policy: privacy@litmuslayer.com. For how we handle personal data generally, including your rights and how to exercise them, see the Privacy Policy.