1. What Are Cookies?
Cookies are small text files that a website places on your computer, smartphone, or other device when you visit it. They are widely used to make websites work more efficiently, remember your preferences, and to provide basic functionality such as keeping you logged in between page visits.
A cookie typically contains:
- A name that identifies the cookie and which script or service set it.
- A value — the actual data stored, such as an encrypted session token or a preference identifier.
- An expiry date — when the cookie will be automatically deleted from your device.
- Domain and path information — which website and URL paths the cookie applies to.
- Security flags — such as "Secure" (only sent over HTTPS) and "HttpOnly" (not accessible from JavaScript).
There are several types of cookies:
- Session cookies: Temporary cookies that are deleted when you close your browser. They allow actions within a single browsing session to be linked, such as maintaining your login state across pages.
- Persistent cookies: Cookies that remain on your device for a specified period after your browser is closed. They are used for purposes such as remembering your login so you do not have to re-enter your credentials on your next visit.
- First-party cookies: Cookies set by the website you are visiting (in this case, cproat.com).
- Third-party cookies: Cookies set by a domain other than the one you are visiting — typically set by embedded scripts from advertisers, analytics providers, or social networks. Cproat does not use third-party cookies of this type.
2. How We Use Cookies
Cproat uses cookies and browser local storage for one purpose only: to operate the Service securely and to maintain your authenticated session.
We do not use cookies for:
- Advertising or retargeting
- Cross-site tracking or behavioral profiling
- Analytics services that share data with third parties (such as Google Analytics)
- Social media tracking pixels
- A/B testing or heatmap tools
All cookies used by Cproat are strictly necessary for the functioning of the Service. Without them, core features such as logging in, staying logged in, and using your account would not be possible.
Because we rely solely on strictly necessary cookies, we do not display a cookie consent banner or require your opt-in consent specifically for cookies under the EU's ePrivacy Directive. However, by using our Service you acknowledge the use of these essential cookies as described in this policy.
3. Cookies We Use
The following cookies may be set in your browser when you use Cproat:
| Cookie Name | Provider | Type | Duration | Purpose |
|---|---|---|---|---|
| sb-access-token | Supabase (via Cproat) | Essential — Authentication | Session (expires when browser is closed, or when the token expires — typically 1 hour) | Stores your current authentication access token, which proves to our server that you are logged in. This token is a short-lived JSON Web Token (JWT) that is automatically renewed using the refresh token below. Without this cookie, you would be immediately logged out on every page load. |
| sb-refresh-token | Supabase (via Cproat) | Essential — Authentication | Persistent — typically 60 days from last use, with rolling expiry on activity | Used to silently obtain a new access token when your current one expires, without requiring you to log in again. The refresh token is a long-lived credential that should be treated with the same care as a password. It is transmitted over HTTPS only and is flagged as Secure. |
3.1 About Supabase Authentication Cookies
Both sb-access-token and sb-refresh-token are set by Supabase, our authentication and database provider, as part of our integration with the Supabase JavaScript client library. These cookies are set on the cproat.com domain and are only sent to our servers — they are not shared with Supabase's own domain in a way that enables cross-site tracking.
The data stored in these cookies consists of encrypted authentication tokens. No personally identifiable information (such as your name or email) is stored directly in the cookie value — the server uses the token to look up your account in the database.
These cookies are flagged as:
- Secure — only transmitted over HTTPS connections, never over plain HTTP.
- SameSite=Lax — provides protection against cross-site request forgery (CSRF) attacks.
4. Browser Local Storage
In addition to cookies, Cproat uses your browser's Local Storage API to save a small amount of data directly in your browser. Local storage works similarly to cookies in that data persists between page visits, but differs in that:
- Local storage data is never sent to our servers with HTTP requests — it stays entirely within your browser.
- Local storage data has no expiry date by default and persists until you clear your browser data or we explicitly delete it via JavaScript.
- Local storage is not accessible across different websites — only pages served from cproat.com can read or write to Cproat's local storage.
| Key | Type | Value Example | Purpose |
|---|---|---|---|
language (or lang) |
Essential — UI preference | "en" or "tr" |
Stores your preferred interface language so the page loads in your chosen language on your next visit without needing to detect it each time. This preference is entirely local — it is never transmitted to our servers and is used only by client-side JavaScript to render the correct translations. |
We do not store any personally identifiable information, account data, search history, or sensitive data in local storage. Local storage is used solely for non-sensitive UI preferences.
5. No Tracking or Advertising Cookies
Cproat does not use any tracking, analytics, advertising, or marketing cookies.
We have made a deliberate choice not to install analytics platforms (such as Google Analytics, Mixpanel, Hotjar, or similar tools), advertising networks, or social media tracking pixels on our website. This means:
- We do not track your behavior across other websites after you leave cproat.com.
- We do not share any data about your browsing with advertising networks.
- We do not build behavioral profiles for the purpose of targeted advertising.
- We do not use Facebook Pixel, Google Tag Manager, LinkedIn Insight Tag, or similar services.
- We do not embed third-party "Like" or "Share" buttons that would allow social networks to track you on our pages.
The only usage data we collect is the server-side application usage data described in our Privacy Policy (Section 2.2 and 2.3), which is associated with your account and used solely to provide and improve the Service.
6. Third-Party Cookies
Cproat does not embed third-party scripts, widgets, or iframes that would cause third-party cookies to be set in your browser during normal use of the Service.
The Supabase JavaScript SDK, while provided by Supabase (a third-party company), is loaded from our own deployment and sets cookies only on the cproat.com domain. These are classified as first-party cookies because they are set on and scoped to our own domain.
If you access Cproat through a link from a third-party platform (such as a search engine, social network, or referral site), that third party may have already set cookies in your browser from their own platform. Cproat has no control over, and is not responsible for, cookies set by third-party websites.
7. Managing and Controlling Cookies
You have the right to control how cookies are stored on your device. You can manage cookies in several ways:
7.1 Browser Settings
All modern browsers allow you to view, manage, block, and delete cookies through their built-in settings. You can typically find these options under "Privacy", "Security", or "Content Settings" in your browser's preferences or settings menu. Section 8 below provides direct links to instructions for the most common browsers.
7.2 Clearing Cookies and Local Storage
You can clear all cookies and local storage data for cproat.com at any time using your browser's developer tools or "Clear Browsing Data" function. On most browsers:
- Open your browser's settings or preferences.
- Navigate to "Privacy and Security" or "History".
- Select "Clear Browsing Data" or equivalent.
- Check "Cookies and other site data" (and optionally "Cached images and files").
- You may be able to filter by site (e.g., "cproat.com") to clear only our data without affecting others.
7.3 Session Logout
The simplest way to remove the Supabase authentication cookies is to log out of your Cproat account. Logging out will clear the sb-access-token and sb-refresh-token cookies from your browser, effectively ending your session.
7.4 Incognito / Private Browsing Mode
Using your browser in incognito or private mode will prevent cookies and local storage from persisting after you close the browser window. In this mode, you will need to log in again each time you visit Cproat.
7.5 Do Not Track (DNT)
Some browsers offer a "Do Not Track" (DNT) feature that signals to websites that you prefer not to be tracked. Because Cproat does not conduct tracking beyond what is strictly necessary for the Service, we process the DNT signal but cannot meaningfully alter our behavior in response to it, as we already do not track users.
8. Browser-Specific Cookie Management Instructions
Below are direct links to the official cookie management instructions for the most widely used web browsers:
| Browser | Cookie Settings Page |
|---|---|
| Google Chrome | support.google.com/chrome/answer/95647 |
| Mozilla Firefox | support.mozilla.org — Cookies |
| Apple Safari (macOS) | support.apple.com — Safari Cookies (Mac) |
| Apple Safari (iOS / iPadOS) | support.apple.com — Safari Cookies (iOS) |
| Microsoft Edge | support.microsoft.com — Edge Cookies |
| Opera | help.opera.com — Cookies |
| Brave | Brave is based on Chromium; follow Google Chrome instructions above, or visit support.brave.com |
For mobile devices, cookie and local storage management is typically found in the browser app's settings under "Privacy" or "Site Settings".
9. Consequences of Disabling or Deleting Our Cookies
Because Cproat uses only essential cookies and local storage, disabling or deleting them will affect the functionality of the Service:
| Cookie / Storage Item | If Disabled or Deleted |
|---|---|
| sb-access-token | You will be immediately logged out of your account and will need to log in again to use the Service. The platform will not function for authenticated users without this cookie. |
| sb-refresh-token | Your session will not be automatically renewed when the access token expires (typically after 1 hour). You will be logged out after the access token expires and will need to log in again manually. |
| language (localStorage) | The platform will fall back to the default language (English) on each visit, or will attempt to detect your browser's language preference. This does not affect core functionality. |
If you choose to block cookies entirely for cproat.com, you will not be able to log in or use the authenticated features of the Service. The public marketing pages may still be accessible.
10. Changes to This Cookie Policy
We may update this Cookie Policy from time to time, for example if we add new features that require additional cookies, or in response to changes in applicable law or regulatory guidance.
When we make changes, we will update the "Last Updated" date at the top of this page. If any changes are significant (for example, if we were ever to introduce non-essential cookies), we will provide more prominent notice, such as an email notification or an in-app banner.
We encourage you to review this policy periodically. The most current version is always available at cproat.com/cookie-policy.html.
11. Contact Us
If you have any questions about our use of cookies or this Cookie Policy, please contact us:
Privacy & Cookie Inquiries
Email us at info@cproat.com. We aim to respond within 5 business days.
For more information about how we process your personal data, please read our full Privacy Policy. For information about your data rights under GDPR and KVKK, please see our GDPR & KVKK Compliance page.