Cookie Policy

We use only the cookies needed to keep you signed in and remember your theme preference. We don't use third-party analytics, advertising, or behavioural tracking cookies. No consent banner is required because everything we set falls under the strictly necessary category.

These cookies are required for the site to function. They cannot be disabled.

• sb-*-auth-token (and refresh-token): Set by Supabase to keep your authenticated session active. Without these, you would have to sign in on every page reload. Lifetime: refreshed on use, expires after long inactivity.
• theme: A small key in localStorage (technically not a cookie, but the same idea) remembering your Light / Dark / System choice.

When you make a payment, you are briefly handed off to Lemon Squeezy (our payments processor), which sets its own session cookies on its domain. Those cookies are governed by Lemon Squeezy's privacy policy, not ours.

• No Google Analytics or similar analytics cookies.
• No advertising or remarketing cookies.
• No social-media tracking pixels.
• No cross-site behavioural tracking. The browser fingerprint rules in major browsers (e.g. Firefox ETP, Safari ITP) have nothing to block on soralab.

You can clear soralab cookies at any time from your browser's site settings. Doing so will sign you out and reset your theme preference. You can also use private / incognito mode, which discards all cookies when the window closes — soralab works fine in that mode.