Cookie Policy

Effective: April 2026 · Operated by Pixel Pundit · Victoria, Australia · questlings.dev

TL;DR — One auth session cookie to keep you logged in. No advertising cookies. No cross-site tracking. Vercel Analytics is cookieless. That's the full list.

1. What Are Cookies?

Cookies are small text files stored in your browser by websites. They help sites remember who you are between page loads. Other browser storage mechanisms like localStorage work similarly. Cookies and localStorage are not inherently harmful, but some sites use them extensively for tracking. We do not.

2. What Questlings Stores

Name / Type	Purpose	Set by	Duration	Category
Supabase auth token session cookie / localStorage	Keeps you logged in. Without this, you'd be signed out on every page refresh.	Supabase	Until logout or session expiry (~1 hour, auto-refreshed)	Functional
Guest mode data localStorage	Tasks, trophies, and player progress when using the app without an account.	Questlings	Until you clear browser storage or migrate to an account	Local only
App preferences localStorage	Small UI preferences (e.g., onboarding seen, sound mute state).	Questlings	Until cleared or logout	Local only
Service worker cache Cache API	Static app files (JS, CSS, images) for offline support and faster loading. No personal data.	Questlings PWA	Until app updates or site data cleared	Local only
Vercel Analytics	Anonymous, aggregated performance data. Does not identify individual users.	Vercel	No cookies set	No cookies

3. What We Do Not Use

Advertising cookies or tracking pixels
Third-party analytics cookies (Google Analytics, Mixpanel, etc.)
Social media tracking cookies (Facebook Pixel, etc.)
Cross-site tracking of any kind
A/B testing cookies
Heatmap or session recording tools (Hotjar, FullStory, etc.)

4. Vercel Analytics

Vercel Analytics collects anonymous, aggregated data about how the app is used. It does this without cookies and without storing personally identifiable information. It does not track you across websites. See Vercel's analytics privacy docs.

5. The Auth Session

When you log in, Supabase stores an authentication token in your browser (cookie and/or localStorage). This token proves your identity to the server — without it, every request would be anonymous. This is a strictly functional mechanism with no privacy-preserving alternative if you want to stay logged in. You can avoid it entirely by using guest mode.

6. Controlling Browser Storage

You can control or delete cookies and localStorage through your browser:

Chrome: Settings → Privacy and Security → Cookies and other site data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Settings → Privacy → Manage Website Data
Edge: Settings → Cookies and site permissions

Clearing the auth session will log you out. Clearing localStorage in guest mode will permanently delete your local data.

7. Changes

If we add new cookies or storage mechanisms, we will update this page and notify registered users of material changes.

8. Contact

Questions? Email contact@pixelpundit.dev.