Browser storage
Cookie notice
A plain-language inventory of the cookies and local browser storage Cadylo currently uses.
Last updated July 15, 2026
Compliance baseline
This is an implementation inventory, not a compliance certification. It must be reviewed again before production deployment and whenever a tracker or provider-side feature is enabled.
Technologies currently used
Cadylo currently uses only service and interface storage:
- Supabase authentication cookies maintain the signed-in session and rotate authentication credentials. Their exact names vary by Supabase project. Cadylo configures a maximum age of 30 days, a site-wide path and SameSite=Lax; the Secure flag is enabled in production.
- Local storage preferences remember interface choices such as collapsed or expanded sidebar sections and the selected light, dark or automatic theme. These values stay in the browser until they are replaced, cleared by the user or removed by a product update.
- Short-lived memory state can keep recent interface choices during a session. It is not a browser cookie and disappears when the page context is closed.
Why they are used
Authentication cookies are necessary to sign users in, refresh their session and protect access to private workspaces. Interface preferences provide the display choice a user requests. Cadylo does not use these values to build advertising profiles or track people across websites.
Under the current implementation, there are no optional analytics, advertising or marketing cookies and no visitor analytics SDK in the application. Hosting and infrastructure providers may still generate operational request logs under their own service configuration; those logs are not described as browser trackers here.
Consent status
Cadylo does not currently show an optional-cookie consent banner because the implemented browser storage is limited to authentication required for the requested service and user-requested interface preferences. This statement applies only to the code documented on this page.
If optional analytics, advertising, embedded media or similar trackers are added, they must be blocked before consent where the law requires it. The product must then add a genuine accept/refuse/settings control, record the choice and update this notice before those trackers run.
Your controls
You can change the Cadylo theme under Settings → Appearance. You can also clear cookies and local storage using your browser settings. Blocking or deleting authentication cookies signs you out or prevents the private workspace from working correctly; clearing local storage resets saved interface preferences.
Signing out asks the authentication service to remove the local session. On a shared device, also close the browser and clear site data if you do not want interface preferences to remain.
Changes and contact
This inventory must be rechecked whenever authentication, analytics, marketing, embedded content or integrations change. It describes the current application code, not every setting an infrastructure platform could enable outside the repository.
Questions about browser storage can be sent to privacy@cadylo.app.