Cookie Policy
Last updated: January 2025
What Are Cookies?
Cookies are small text files stored on your device by your browser when you visit a website. They allow websites to remember your preferences, keep you signed in, and understand how you use the site. Cookies cannot run programs or transmit viruses. Most websites you visit use cookies to operate correctly.
Cookies We Use
Essential cookies (always active). These cookies are strictly necessary for NeedleKit to function. Without them, you cannot log in or use authenticated features. They include your Supabase authentication session cookie (which keeps you signed in), a CSRF protection cookie, and preference cookies like your dashboard theme. We do not require consent for essential cookies because the site cannot function without them. The legal basis for these cookies is our legitimate interest in providing a secure, functional service.
Analytics cookies (with your consent). With your permission, we use analytics cookies to understand how visitors use NeedleKit — which pages are most popular, which tools are used most often, and where users encounter difficulty. This data is aggregated and anonymized. It helps us make NeedleKit better. You can opt out of analytics cookies via the cookie consent banner or by contacting us. The legal basis for these cookies is your explicit consent.
Marketing and advertising cookies. NeedleKit does not use marketing or advertising cookies. We do not serve ads and do not track you across other websites for advertising purposes. If you see ads for NeedleKit elsewhere on the internet, those are managed through platforms like Google Ads which have their own cookie policies outside our control.
Cookie Reference Table
| Name | Purpose | Duration | Type |
|---|---|---|---|
| sb-*-auth-token | Supabase authentication session | 90 days | Essential |
| needlekit-consent | Your cookie consent preferences | 1 year | Essential |
| needlekit-theme | Dashboard UI theme preference | 1 year | Essential |
| __cf_bm | Cloudflare bot detection (Turnstile CAPTCHA) | 30 min | Essential |
| _analytics_session | Optional anonymous usage analytics | Session | Analytics |
Third-Party Cookies
Supabase. Our authentication system (Supabase Auth) sets a session cookie when you log in. This cookie identifies your session and is required for authentication. Supabase is SOC 2 Type II certified and stores data in secure data centers.
Stripe. When you visit our checkout or billing portal powered by Stripe, Stripe may set cookies to prevent fraud and ensure the security of payments. These are governed by Stripe's cookie policy at stripe.com/privacy.
Cloudflare Turnstile. We use Cloudflare Turnstile as a privacy-respecting CAPTCHA alternative on our signup form. Turnstile uses a '__cf_bm' cookie for bot detection. Unlike traditional CAPTCHAs, Turnstile is designed to minimize tracking and does not use advertising cookies.
We do not use Google Analytics, Facebook Pixel, or any other third-party advertising trackers.
Local Storage & Session Storage
In addition to cookies, NeedleKit uses browser local storage to save your cookie consent preference (so we don't show you the banner on every visit) and certain tool preferences (like your last-used thread brand filter). Session storage is used to temporarily hold your device fingerprint during a browsing session, which is used as part of our anti-fraud system. Local and session storage data is stored only on your device and is not transmitted to our servers except during active API calls.
How to Manage Cookies
You can manage your cookie preferences by clicking "Essential Only" in our cookie consent banner to opt out of analytics cookies. All modern browsers also allow you to view, manage, and delete cookies through browser settings. Disabling essential cookies will prevent you from using authenticated features of NeedleKit.
Browser-specific cookie management instructions:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Cookies and site data
To reset your consent preference, clear your browser's local storage for needlekit.com and the cookie consent banner will reappear on your next visit.
Cookie Duration
Session cookies are deleted when you close your browser. Persistent cookies (like your login session and consent preference) are stored for up to 90 days before expiring. You can delete them at any time through your browser settings.
Changes to This Policy
We may update this Cookie Policy from time to time as our platform evolves or as new regulations apply. When we make significant changes, we will notify you in the cookie consent banner. The date at the top of this page indicates when the policy was last updated.
Contact
If you have questions about our cookie practices, contact us at team@needlekit.com.