Legal
Cookie Policy
Last updated . Companion document to the Privacy Policy.
What are cookies?
Cookies (and similar technologies like localStorage) are small bits of data your browser stores so a site can remember things between visits. We use them sparingly and categorize them so you can choose what to allow.
Categories we use
- Necessary— the site can't work without these (auth, security, remembering this very consent choice). Always on, no consent required under ePrivacy.
- Analytics — anonymous traffic patterns via Google Analytics 4 (loaded through Google Tag Manager). Off by default. We set IP anonymization and
ads_data_redaction. - Marketing — none active today. Reserved for future remarketing pixels. Off by default.
- Preferences — convenience storage (theme, dismissed banners). Off by default.
Cookies we may set
| Name | Category | Purpose | Duration | Domain |
|---|---|---|---|---|
| redxtrm.consent.v1 | Necessary | Stores your cookie preference choices so we don't re-prompt. | Local storage, persistent | redxtrm.com |
| sb-*-auth-token | Necessary | Supabase authentication session (only if you sign in). | Session + refresh token | redxtrm.com |
| __vcrl_v | Necessary | Vercel BotID challenge token for protected POST endpoints. | Session | redxtrm.com |
| _ga, _ga_* | Analytics | Google Analytics 4 client identifier and session state. Set only after you accept analytics. | Up to 2 years | .redxtrm.com |
| _gid | Analytics | Google Analytics short-lived session id. | 24 hours | .redxtrm.com |
| theme | Preferences | Remembers your light/dark/system theme preference. Set only if you allow preferences. | 1 year | redxtrm.com |
Third-party tools may set additional cookies (e.g. embedded YouTube on case-study pages uses youtube-nocookie.com). We embed via the privacy-enhanced domain and only after interaction.
Manage your choices
Open the preferences panel any time and switch categories on or off. Choices apply across this browser.
You can also block or delete cookies in your browser settings. Doing that may break parts of the site (e.g. you'll be signed out).
Do Not Track & Global Privacy Control
We respect Sec-GPC: 1 headers as a signal to keep analytics and marketing off until you explicitly opt in. Browser-level DNT is no longer a standard but is treated the same way.