Cookie Policy

Cookies are small text files stored on your device when you visit a site. Similar technologies include local storage, session storage, pixels, and software development kits (SDKs) that achieve comparable purposes.

We use first-party technologies (set by us) and, where described below, third-party technologies (set by partners such as authentication, security, or diagnostics providers).

We use cookies and similar technologies to:

• keep you signed in and secure your session;
• remember choices you make (for example, display theme) where we store them on your device;
• operate password-protected shared links and similar access controls;
• protect the Services from abuse (for example, bot checks at sign-in);
• diagnose errors and improve reliability when we enable error reporting tools.

The exact names and lifetimes of cookies may change as we update the Services. The following describes the categories in use.

3.1 Strictly necessary

Required for core functionality. For example, cookies that maintain your authenticated session with our infrastructure provider (including Supabase-style session and refresh cookies), cookies used when you open a password-protected share link (for example, names beginning with share_access_), and cookies needed for routing or security at the edge. These cannot be disabled if you wish to use the signed-in or protected features they support.

3.2 Preferences (device storage)

We store some preferences in your browser's local storage or session storage, not always as HTTP cookies. Examples include your light/dark theme choice (for example under the key papertrail_dark_mode), ephemeral UI state such as dismissed prompts, and recent search queries in the in-app search experience. You can clear these through your browser settings; doing so may reset preferences.

3.3 Security (third party)

On sign-in and similar flows we may load Cloudflare Turnstile to reduce automated abuse. Turnstile and Cloudflare may set or read their own cookies or similar data according to Cloudflare's privacy policy.

3.4 Diagnostics (optional)

When enabled, we may use Sentry (or comparable tools) to capture error and performance events. Those tools may use cookies or local storage to associate diagnostic reports with a session. We configure such tools to minimise personal data where possible. See Sentry's privacy policy for their practices.

Session cookies expire when you close your browser. Persistent cookies and stored values remain until they expire (according to their settings), you delete them, or you clear site data. Share-link access cookies are tied to the link and security configuration we apply at the time of access.

Most browsers let you block or delete cookies and site data through settings. If you block strictly necessary cookies, parts of the Services (including sign-in) may not work.

Where European law requires a cookie banner or granular consent for non-essential technologies, we will provide controls consistent with that requirement. At present, our primary non-essential items are security widgets and optional diagnostics as described above.

We may update this Cookie Policy when our practices or partners change. We will post the new version on this page and update the "Last updated" date. Material changes may be communicated as described in our Privacy Policy.

Questions about this Cookie Policy: support@usepapertrail.com