Cookie Policy

What cookies we use, why we use them, and how to control them.

Last updated: March 2026

Short version: We use only essential session cookies, anonymous analytics, and Stripe payment security cookies. No advertising trackers. No data selling. No cross-site tracking.

What Are Cookies

Cookies are small text files stored on your device by your web browser when you visit a website. They allow websites to remember information about your visit — such as your login state, preferences, and how you interact with the site.

Cookies set by the website you are visiting are called "first-party cookies." Cookies set by other parties (such as payment processors or analytics services) are called "third-party cookies."

Cookies We Use

We use a minimal set of cookies — only what is necessary to operate the Services and improve your experience. We do not use advertising cookies or sell cookie data.

Essential Cookies

These cookies are required for the Services to function. They cannot be disabled without affecting your ability to use core features.

  • Session token (Supabase) — maintains your logged-in state across page loads. Expires when you log out or after a period of inactivity. First-party.
  • CSRF protection token — prevents cross-site request forgery attacks. Required for form submissions. First-party.
  • Auth refresh token (Supabase) — allows your session to be renewed without requiring you to log in again. Stored in a Secure, HttpOnly cookie. First-party.

Essential cookies cannot be disabled in our cookie settings as they are technically required for secure authentication.

Functional Cookies

These cookies remember your preferences and settings to provide a better experience. Disabling them will not prevent you from using the Services but may reset your preferences on each visit.

  • Dashboard state — remembers whether you have dismissed the welcome banner and other UI preferences. Stored in localStorage, not a traditional cookie. First-party.
  • Theme preference — remembers your display preferences if customized. First-party.

Analytics Cookies

We use Vercel Analytics to understand how visitors use our website. This data is aggregated and anonymized — no personally identifiable information is tracked.

  • Vercel Analytics — tracks page views, referrer sources, and general usage patterns. Data is anonymous and does not include personal identifiers. No cross-site tracking.

We do not use Google Analytics, Meta Pixel, or any behavioral advertising trackers.

Payment Cookies (Stripe)

When you access our checkout or billing portal, Stripe (our payment processor) may set cookies for fraud detection and security purposes. These are third-party cookies set by Stripe.

  • __stripe_mid — Stripe device fingerprinting for fraud prevention. Expires after 1 year.
  • __stripe_sid — Stripe session identifier for the checkout flow. Expires after 30 minutes.

Stripe is PCI-DSS Level 1 compliant. Their cookie data is used solely for payment security and fraud detection — not for advertising.

What We Do Not Use

GenHedge does not use any of the following:

  • Advertising cookies or tracking pixels (no Google Ads, Meta Pixel, TikTok Pixel, etc.)
  • Behavioral profiling or interest-based advertising
  • Cross-site tracking cookies
  • Third-party social media cookies (social share buttons do not set cookies)

We will update this policy if we ever introduce any of the above. You will be notified via email 30 days in advance of any material changes to our cookie practices.

How to Control Cookies

You can control and delete cookies through your browser settings. Most browsers allow you to block or delete cookies, or to be notified when a cookie is set.

  • Chrome: Settings → Privacy and Security → Cookies and other site data
  • Safari: Preferences → Privacy → Manage Website Data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Edge: Settings → Cookies and Site Permissions → Cookies and Site Data

Blocking essential cookies (Supabase session and auth tokens) will prevent you from logging in to GenHedge. Other features will remain accessible without cookies.

Do Not Track

Some browsers send a "Do Not Track" (DNT) signal to websites. GenHedge respects the intent of DNT signals. When a DNT signal is detected, we do not load any third-party analytics scripts beyond what is required for security.

Changes to This Policy

We may update this Cookie Policy from time to time, including if we add new features that use different cookies. We will post changes here with an updated "Last updated" date. Material changes will be communicated via email to registered users.

Questions?

For questions about our cookie practices, contact us at legal@genhedge.com

© 2026 GenHedge. All rights reserved.