Legal
Cookie Policy
Last updated: April 28, 2026
This Cookie Policy explains what cookies and similar storage technologies Timebox uses, why we use them, and your choices. It complements our Privacy Policy.
1. Summary
Timebox uses only strictly necessary cookies and local-storage entriesrequired to operate the Service. We do not use analytics cookies (Google Analytics, Plausible, etc.), advertising cookies, social-media tracking pixels, or any third-party cross-site trackers.
Because we set no non-essential cookies, no cookie consent banner is required under the ePrivacy Directive (Art. 5(3)) and the GDPR.
2. What we store on your device
| Name | Type | Purpose | Duration |
|---|---|---|---|
sb-*-auth-token | localStorage | Keeps you signed in across sessions (Supabase auth) | Until sign-out |
timebox-builder-session | localStorage | Saves your in-progress collection so you can resume it later | Until cleared |
__cf_bm (set by Cloudflare) | Cookie (HttpOnly) | Bot management and DDoS protection | 30 minutes |
All entries above are classified as "strictly necessary" — without them the Service cannot function as intended.
3. How to clear them
You can clear cookies and local-storage at any time using your browser's settings (typically under "Privacy" or "Site data"). Signing out of Timebox also clears the authentication token. Clearing the builder session will reset your in-progress collection.
4. Future changes
If we add any non-essential cookies in the future (for example, opt-in analytics), we will update this page and present a clear consent prompt before any such cookie is set, in line with GDPR and the ePrivacy Directive.
5. Contact
Questions? Email hello@timebox.watch.