Cookie Policy
Effective 15 July 2026
1. What cookies are
Cookies are small text files placed on your device when you visit a website. We also use similar technologies such as browser local storage, session storage, and web beacons. This policy explains what Startup Roles uses, why, and how you can control them. It sits alongside our Privacy Policy.
2. Categories we use
- Strictly necessary. Required for the Platform to function: authentication tokens, session persistence, CSRF protection, load balancing, remembering your cookie consent decision, and preserving your in-progress draft brief if you sign in mid-flow. These cannot be switched off.
- Analytics (optional). Help us understand which parts of the Platform are used, where users get stuck, and where product decisions should focus. Loaded only if you consent.
- Marketing (optional). Used to measure the performance of marketing campaigns and, where enabled, to reach relevant audiences off-site. Off by default.
3. Examples of what we set
The exact set of cookies changes over time as we ship product updates. Common items include:
- Authentication cookies issued by our authentication and database provider (Supabase). Used to keep you signed in. Session-based or up to the token lifetime configured for your account.
- Consent record stored in browser local storage so we remember your cookie choice for up to 12 months.
- Draft brief token stored in browser local storage so an anonymous visitor can pick up their in-progress role after signing in. Cleared on sign-in merge or on user request.
- Impersonation banner cookie used by admin staff to indicate a read-only "view as" session. Session-based.
- Hosting cookies set by Cloudflare for security, bot filtering, and load balancing.
- Analytics cookies (only if you opt in) that record aggregated usage events.
4. Your choices
When you first visit Startup Roles you are asked to accept, reject, or customise non-essential cookies. You can change your mind at any time using the button below. Rejecting non-essential cookies does not restrict access to the Platform.
5. Browser controls
You can also block, delete or restrict cookies through your browser's settings. Doing so may break sign-in, session persistence, or draft recovery.
6. Third parties
Some cookies are set by sub-processors that operate the Platform on our behalf, including our hosting provider (Cloudflare), our database and authentication provider (Supabase), and (if you opt in) analytics providers. Each processes the data under a written data processing agreement.
7. Do-not-track signals
We currently do not respond to Do-Not-Track browser signals, because there is no consistent industry interpretation of them. We respect the choice you make in our consent banner and in your browser cookie settings.
8. Changes
We may update this policy from time to time. Material changes will be notified by updating the Effective Date above and, where appropriate, by in-product notice.
9. Contact
Privacy questions: privacy@startuproles.co.