Setoria — Cookie Policy

Effective date: 25 April 2026

Last updated: 25 April 2026

1. About this Policy

This Cookie Policy explains how Ryan Kealey, trading as Setoria ("Setoria," "we," "us") uses cookies and similar technologies on the Setoria marketing website at https://setoria.io and the Setoria web application at https://app.setoria.io (the "Service").

It should be read alongside our Privacy Policy, which describes how we process your personal data more generally.

2. What cookies are

Cookies are small text files placed on your device when you visit a website or open a web application. They allow the site to recognise your device, remember your preferences or sign-in state, and operate features that depend on persistence between page loads.

"Similar technologies" includes browser local storage, session storage, and similar mechanisms used for the same purposes. References to "cookies" in this Policy include those technologies where relevant.

Cookies can be:

First-party — set by the website you are visiting (in this case, Setoria).
Third-party — set by services embedded by the website (for example, analytics or advertising providers).
Session — deleted when you close your browser.
Persistent — kept on your device for a set period, until they expire or you delete them.

3. The cookies Setoria uses

Setoria currently uses only strictly necessary cookies and similar technologies required to operate the Service. We do not use cookies for analytics, advertising, profiling, or cross-site tracking.

Name / type	Purpose	Type	Duration
Authentication session	Keeps you signed in after you click your magic link. Set by our authentication provider, Supabase, on app.setoria.io.	First-party, strictly necessary	Session + refresh token, typically up to 60 days while active
Browser local storage (auth tokens)	Stores your active session token securely in browser storage so the application can authenticate API requests.	First-party, strictly necessary	Until sign-out or session expiry
CSRF / security tokens	Protects sign-in and sensitive actions from cross-site request forgery.	First-party, strictly necessary	Session

Strictly necessary cookies do not require prior consent under UK and EU law (including the UK Privacy and Electronic Communications Regulations and the EU ePrivacy Directive), because they are essential to deliver a service you have actively requested — namely, signing in and using the Service.

4. What we do not use

As of the effective date of this Policy, Setoria does not use:

Analytics cookies (e.g., Google Analytics, Plausible, Mixpanel).
Advertising or marketing cookies.
Cross-site tracking pixels or conversion tags.
Social media share-and-track cookies.
Fingerprinting or device-recognition technologies for behavioural profiling.

If we add any non-essential tracking in future, we will:

Update this Policy and the cookie table above.
Where required by law, present you with a consent banner that lets you accept, reject, or selectively enable categories of non-essential cookies before any non-essential cookie is set.
Notify existing users of material changes.

5. Third-party services

Some sub-processors (notably Stripe, which handles checkout, and Supabase, which handles authentication) may set their own cookies on the pages they directly serve. These are essential to operating those services and are governed by the respective providers' policies:

Stripe: https://stripe.com/legal/cookies-policy
Supabase: https://supabase.com/privacy

We do not embed Stripe or Supabase tracking on our marketing site beyond what is necessary for the sign-in and checkout flows.

6. How to control cookies

Because Setoria uses only strictly necessary cookies, blocking them will prevent you from signing in to or using the Service.

You can manage and delete cookies through your browser settings. Common options:

Chrome: Settings → Privacy and security → Cookies and other site data
Safari: Settings → Privacy → Manage Website Data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data

You can also use private or incognito browsing mode, which limits cookie persistence to the session.

For broader information on cookie controls, see https://www.aboutcookies.org or, if you are in the UK, https://ico.org.uk/your-data-matters/online/cookies/.

7. Do Not Track and Global Privacy Control

Some browsers send a "Do Not Track" (DNT) or Global Privacy Control (GPC) signal. Because Setoria does not currently engage in cross-context behavioural tracking or sale of personal information, there is no relevant tracking activity to disable. If we ever introduce non-essential tracking, we will honour GPC signals from California users in line with the CCPA/CPRA and applicable regulations.

8. Children

Setoria is not directed at children under the age of 16. We do not knowingly set cookies on the devices of users under 16. See our Privacy Policy for more on children's data.

9. Changes to this Policy

We may update this Policy when our use of cookies or similar technologies changes, when the law changes, or for clarification. The "Last updated" date above will reflect any change. Material changes — particularly the introduction of any non-essential cookie — will be communicated to you in advance and accompanied by a consent mechanism where required.

10. Contact

For questions about this Cookie Policy:

Email: hello@setoria.io
Mail: Ryan Kealey, trading as Setoria, Northern Ireland, United Kingdom (specific address available on request for verified correspondence)