Cookie Policy
How we use cookies and similar technologies on our website and platform.
Posted: May 9, 2025
1. About this Policy
This Cookie & Similar Technologies Policy ("Policy") explains how White Shoe AI, Inc. ("White Shoe AI," "we," "us," or "our") uses cookies, local-storage objects, web beacons, and comparable technologies (collectively, "cookies") when you visit white-shoe.ai or any website that links to this Policy (the "Site"). It should be read together with our Privacy Policy at www.white-shoe.ai/legal/privacy. Capitalized terms not defined here have the meaning given in that Privacy Policy.
Under the EU ePrivacy Directive, the UK Privacy and Electronic Communications Regulations (PECR), the GDPR, CCPA/CPRA, and other applicable laws, we must (i) inform you about the cookies we set, (ii) explain why we use them, and (iii) obtain your consent for any cookies that are not strictly necessary.
2. What are cookies?
Cookies are small text files placed on your device (computer, phone, tablet) when you visit a website. They allow the site to recognize your device and store information such as user preferences or authentication tokens. Related technologies—HTML5 Local Storage, Session Storage, web beacons, pixels, and SDKs—operate in a similar way, and for simplicity we refer to them here as "cookies."
3. Why we use cookies
We currently use cookies only for the following essential purposes:
| Category | Purpose | Legal basis (GDPR) | Do they require consent? |
|---|---|---|---|
| Strictly Necessary | • Authenticate you and keep you logged in • Maintain session security and load balancing • Enable core Site features | Art. 6 (1)(b) – contract performance | No. These cookies are required for the Site to function. |
We do not presently deploy analytics, advertising, or social-media cookies on our domain. If we add such cookies in the future, we will (a) update this Policy, and (b) ask for your prior consent via a banner or preference center.
4. Cookies we set
| Cookie / Storage Key | Provider | First or third party | Typical duration | Purpose |
|---|---|---|---|---|
| sb-access-token | White Shoe AI / Supabase | First-party | Session (expires on sign-out or 60 minutes of inactivity; refreshed silently) | JWT used to verify your identity for API requests. |
| sb-refresh-token | White Shoe AI / Supabase | First-party | 7 days* | Refreshes the access token so you stay signed in. |
| supabase.auth.token (Local Storage) | White Shoe AI / Supabase | First-party | Until manual deletion / sign-out | Stores the same access & refresh tokens in encrypted form to persist login across browser restarts. |
| next-i18next (if present) | White Shoe AI | First-party | 24 hours | Remembers your language choice (functional). |
| _vercel_experimental_csrf (if present) | Vercel | First-party | 30 minutes | Protects forms & APIs from CSRF attacks. |
* Exact lifetimes are determined by our Supabase security settings and may change as we tighten or extend session limits.
5. Third-party cookies we do not set but you may encounter
| Scenario | Who sets them | Where & why |
|---|---|---|
| Payment checkout & billing portal | Stripe | Cookies load only on Stripe's own domains (checkout.stripe.com, billing.stripe.com). They handle fraud prevention, session continuity, and payment security. See Stripe's Cookie Policy for details. |
| Linked pages or embeds | Other providers | If we embed third-party content (e.g., Loom videos, Calendly forms) those providers may set their own cookies the moment you interact with the embed. Their policies will apply. |
6. Managing your cookie preferences
Because our first-party cookies are strictly necessary for security and basic functionality, they cannot be disabled via the Site. You can:
- Browser controls
Most browsers let you delete or block cookies entirely or per-site:- Chrome: Settings → Privacy & Security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Settings → Advanced → Website Data
- Edge: Settings → Cookies and site permissions
Blocking our essential cookies will log you out and may prevent the Service from working.
- Clear local-storage data
Use your browser's developer tools → Application/Storage tab to remove specific Local Storage keys (e.g., supabase.auth.token) or clear all site data. - Stripe or other third parties
Stripe and other providers offer their own opt-out choices through their cookie banners or account-settings pages.
7. Do-Not-Track signals
Our Site does not currently respond to "Do Not Track" or similar browser signals. We will reassess if we introduce analytics or advertising cookies.
8. Changes to this Policy
We may update this Policy to reflect legal, technical, or business changes. When we do, we will revise the "Last updated" date and, where changes are material, display a notice on the Site or obtain renewed consent if required by law.
9. Contact us
Questions or concerns? Please e-mail privacy@white-shoe.ai or write to:
White Shoe AI
Email: privacy@white-shoe.ai