Cookie Policy
This Cookie Policy explains how The Story Maker uses cookies and similar tracking technologies when you visit or use our Service. This policy should be read alongside our Privacy Policy.
1.0 What Are Cookies
1.1 Definition
Cookies are small text files placed on your device by your web browser when you visit a website. They are widely used to make websites function, improve efficiency, and provide information to site owners.
1.2 Similar Technologies
In addition to cookies, we may use local storage, session storage, and server-side session identifiers to provide similar functionality. References to "cookies" in this policy include all such technologies unless stated otherwise.
2.0 Cookie Categories
We classify cookies into three categories based on their purpose and necessity:
2.1 Strictly Necessary Cookies
These cookies are essential for the Service to function and cannot be disabled. They do not require consent under GDPR/ePrivacy regulations.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
| auth-token | JWT authentication session | 24 hours | HttpOnly, Secure |
| refresh-token | Session renewal without re-login | 7 days | HttpOnly, Secure |
| csrf-token | Cross-site request forgery protection | Session | HttpOnly |
| cookie-consent | Records your cookie preferences | 365 days | Persistent |
| sb-*-auth-token | Supabase authentication session | Session | HttpOnly, Secure |
2.2 Functional Cookies
These cookies enable enhanced functionality and personalization. While the Service can function without them, disabling them may degrade your experience.
| Cookie / Storage Key | Purpose | Duration | Type |
|---|---|---|---|
| theme | Stores light/dark mode preference | 365 days | Local Storage |
| sidebar-collapsed | Remembers sidebar state preference | 365 days | Local Storage |
| project-autosave-* | Auto-saves work-in-progress for crash recovery | Session | Session Storage |
| onboarding-completed | Tracks onboarding completion to avoid repetition | 365 days | Local Storage |
| language-preference | Stores selected interface language | 365 days | Local Storage |
2.3 Analytics & Performance Cookies
These cookies help us understand how the Service is used and identify performance issues. They collect aggregated, anonymized data. These require your consent.
| Cookie / Service | Provider | Purpose | Duration |
|---|---|---|---|
| _sentry-* | Sentry | Error tracking, performance monitoring, session replay | Session |
| ph_* | PostHog (if enabled) | Product analytics, feature usage tracking | 365 days |
| vercel-* | Vercel | Web Vitals, deployment analytics | Session |
3.0 Your Consent & Choices
3.1 Cookie Consent Banner
When you first visit the Service, a cookie consent banner is displayed offering three options with equal visual prominence:
- Accept All — Enables all cookie categories (Strictly Necessary + Functional + Analytics)
- Reject All — Enables only Strictly Necessary cookies. Functional and Analytics cookies are blocked.
- Manage Preferences — Opens a granular settings panel where you can enable or disable each category individually.
3.2 Equal Prominence Requirement
In compliance with 2026 EU ePrivacy standards and CNIL guidance, the "Reject All" button is presented with equal visual weight, size, and placement as the "Accept All" button. We do not use dark patterns, pre-checked boxes, or confusing language to steer your choice.
3.3 Withdrawing or Changing Consent
You can change your cookie preferences at any time by:
- Clicking the cookie settings icon in the application footer
- Visiting the Settings page and navigating to "Privacy & Cookies"
- Clearing your browser cookies and revisiting the Service (the banner will reappear)
3.4 Browser-Level Controls
You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies, set per-site exceptions, and browse in "private" or "incognito" mode. Note that blocking all cookies may prevent the Service from functioning correctly (as authentication cookies are required).
4.0 Third-Party Cookies
4.1 Payment Processing
Razorpay may set its own cookies during the checkout process for fraud detection and session management. These cookies are governed by Razorpay's Privacy Policy.
4.2 No Advertising Cookies
We do not use advertising cookies, tracking pixels for ad networks, retargeting cookies, or any form of cross-site behavioral advertising. Your creative work and browsing behavior on The Story Maker are never shared with advertisers.
5.0 Do Not Track (DNT)
We respect the Do Not Track browser signal. When a DNT signal is detected, we automatically disable all non-essential cookies (Functional and Analytics categories) for that session, equivalent to selecting "Reject All."
6.0 Global Privacy Control (GPC)
We recognize and honor the Global Privacy Control signal as a valid opt-out of non-essential tracking, consistent with CCPA/CPRA and emerging 2026 privacy standards. When a GPC signal is detected, Analytics cookies are automatically suppressed.
7.0 Changes to This Cookie Policy
We may update this Cookie Policy as our technology and practices evolve. Material changes will reset the cookie consent banner, requiring you to make a fresh choice. The "Last Updated" date at the top of this page reflects the most recent revision.
8.0 Contact
For questions about our use of cookies:
- Email: contact@thestorymaker.app