Cookie Policy
Last updated: March 2026
1. Overview
EdgeSeeker ("we", "us", "our") uses cookies and similar technologies to authenticate users, remember preferences, protect against bots, and improve platform reliability. We do not use cookies for advertising, retargeting, or behavioral profiling.
2. What Are Cookies and Similar Technologies
Cookies are small text files stored on your device by your browser. They allow websites to recognize returning users and persist state across page loads.
Local storage is a browser mechanism that stores key-value data on your device. Unlike cookies, local storage data is not sent to the server with each request and has no expiration date unless explicitly removed.
In-memory sessions are cryptographic keys held in your browser's RAM during your active session. They are never written to disk and are destroyed when you close the tab, refresh the page, or log out.
3. Our Consent Model
EdgeSeeker uses only strictly necessary and functional cookies and storage. We do not use any marketing, advertising, or non-essential tracking cookies. Because all cookies and storage we use are either strictly necessary for the Platform to function or store your explicit preferences, we do not display a cookie consent banner. This approach is consistent with applicable privacy regulations, which exempt strictly necessary cookies from consent requirements.
If we ever introduce non-essential cookies (such as analytics cookies that set persistent identifiers), we will update this policy and implement appropriate consent mechanisms before deploying them.
4. Cookies We Set
4.1 Essential Cookies (Strictly Necessary)
These cookies are required for the platform to function. They cannot be disabled without breaking core functionality. They are set only in response to actions you take (logging in, navigating the site).
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
| Authentication session cookies | Authenticate your session after login. Contain an encrypted session token issued by Supabase Auth. Used to verify your identity on every request. | Session / short-lived refresh | Supabase (first-party) |
| Session validation cookie | Caches the result of the last server-side session validation to prevent redundant database calls on every page load. | Short-lived | EdgeSeeker (first-party) |
All essential cookies are configured with industry-standard security attributes including encryption, secure transmission, and cross-site request protections.
4.2 Security Cookies (Third-Party)
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
| hCaptcha session cookies | Set during bot protection challenges on login and signup forms. Used to verify you are a human and prevent automated attacks. These cookies are set by hCaptcha within its iframe and are subject to hCaptcha's privacy policy (opens in new tab). | Session (varies) | hCaptcha (third-party) |
5. Local Storage We Use
These use your browser's local storage (not cookies) to remember your preferences. Local storage data stays on your device and is never transmitted to our servers.
| Key | Purpose | Data Stored | Duration | Provider |
|---|---|---|---|---|
theme | Stores your selected color theme so the correct theme is applied instantly on page load without a flash of the wrong theme. | "light", "dark", or "system" | Until you change it or clear site data | next-themes (first-party) |
reduced-motion | Stores your accessibility preference for reduced animations. When enabled, all custom animations are disabled. | "true" (present) or absent (disabled) | Until you change it or clear site data | EdgeSeeker (first-party) |
dismissed_announcements | Tracks which announcement banners you have dismissed so they are not shown again on subsequent visits. | JSON array of announcement IDs | Until you clear site data | EdgeSeeker (first-party) |
6. In-Memory Sessions
When you are logged in, the Platform establishes an additional encrypted communication channel between your browser and our servers. This provides an extra layer of protection for sensitive data beyond standard HTTPS encryption.
- Cryptographic keys are generated in your browser's memory and never written to disk
- Session tokens are short-lived and auto-refresh
- Nothing is written to cookies, localStorage, or any persistent storage — all cryptographic material exists only in browser RAM
- The session is destroyed when you log out, close the tab, or refresh the page
7. Third-Party Services
We use the following third-party services. None of them set persistent tracking cookies on your device. We do not allow any third party to use cookies or similar technologies on our Platform for advertising or cross-site tracking purposes.
| Service | Purpose | Cookies | Data Collected |
|---|---|---|---|
| Vercel Analytics | Anonymous page view counts and traffic patterns | None | Page URL, referrer, country (no IP stored, no user identifiers) |
| Vercel Speed Insights | Anonymous Core Web Vitals and performance metrics | None | Page load times (LCP), layout shift (CLS), interaction delay (FID/INP) |
| Sentry | Error tracking, crash reporting, and session replay on errors | None | Error stack traces, browser info, interaction replay on errors only (sampled in production). Authorization headers and cookies are stripped before transmission. |
| Supabase | Authentication and database | Auth session cookies (see Section 4.1) | Account data, session tokens |
| hCaptcha | Bot protection on login and signup forms | Session cookies within hCaptcha iframe | Challenge response tokens, browser environment signals. See hCaptcha's privacy policy (opens in new tab). |
| Bot detection | Automated bot detection on API requests | None | Anonymized browser behavioral signals |
| Stripe | Payment processing (checkout page redirect) | Set on Stripe's domain during checkout only (not on EdgeSeeker's domain) | Payment card, billing address (handled entirely by Stripe). See Stripe's privacy policy (opens in new tab). |
8. Browser Security
We configure industry-standard browser security headers on all responses to protect your session. These headers enforce HTTPS-only connections, prevent clickjacking, restrict script execution, limit referrer information shared with other sites, and disable access to device features (camera, microphone, geolocation) that EdgeSeeker does not use.
9. What We Do Not Use
- No advertising or retargeting cookies
- No cross-site tracking pixels or beacons
- No social media tracking widgets (Facebook Pixel, Google Analytics, etc.)
- No fingerprinting for advertising purposes (device fingerprinting is used only for account security — see our Privacy Policy)
- No sessionStorage, IndexedDB, or Web SQL
- No service worker caching of personal data
- No third-party cookie consent walls (all our cookies are strictly necessary or functional)
10. "Do Not Track" Signals
Some browsers send a "Do Not Track" (DNT) signal with web requests. There is no industry standard for how websites should respond to DNT signals. Because EdgeSeeker does not engage in cross-site tracking, behavioral advertising, or the sale of personal information, your experience on the Platform is the same regardless of your DNT setting.
We also honor the Global Privacy Control (GPC) signal where required by applicable state privacy laws. If your browser sends a GPC signal, we treat it as a request to opt out of the sale or sharing of personal information — though we do not sell or share personal information in the first place.
11. Managing Cookies and Storage
You can manage cookies and local storage through your browser settings. Most browsers allow you to block or delete cookies and clear site data. However, blocking essential cookies will prevent you from logging in or using the Platform.
- Clear all site data: Use your browser's "Clear browsing data" feature or site-specific settings to remove all cookies and local storage for EdgeSeeker.
- Theme preference: Clearing local storage will reset your theme to the system default.
- Announcement banners: Clearing local storage will cause previously dismissed banners to reappear.
- Session cookies: Clearing cookies will log you out and require you to sign in again.
- Encrypted session: The encrypted session is automatically destroyed when you close the tab or refresh. No action needed.
For instructions on managing cookies in your browser, visit your browser's help documentation:
- Google Chrome (opens in new tab)
- Mozilla Firefox (opens in new tab)
- Safari (opens in new tab)
- Microsoft Edge (opens in new tab)
12. Complete Storage Inventory
For full transparency, here is a complete summary of everything stored on your device by EdgeSeeker:
| Item | Type | Category | Duration | Party |
|---|---|---|---|---|
| Authentication session cookies | Cookie | Essential | Short-lived | First |
| Session validation cookie | Cookie | Functional | Short-lived | First |
| hCaptcha session | Cookie | Security | Session | Third |
theme | localStorage | Functional | Indefinite | First |
reduced-motion | localStorage | Functional | Indefinite | First |
dismissed_announcements | localStorage | Functional | Indefinite | First |
| Encrypted session | In-memory | Security | Short-lived | First |
13. Changes to This Policy
We may update this policy when we add or remove services or change how we use cookies and storage. Material changes will be noted with an updated "Last updated" date at the top of this page. If we introduce any non-essential cookies that require consent, we will notify you and implement appropriate consent mechanisms before deploying them.
14. Related Policies
- Privacy Policy — how we collect, use, and protect your personal data
- Terms of Service — the rules governing use of the Platform
- Disclaimer — risk disclosures and legal disclaimers
15. Contact
Questions about our use of cookies? Contact us at support@offensiveedge.com.