Cookie Policy
Last updated: 2026-06-21 · OpenSassy
This policy is written against UK PECR and UK GDPR, and lists only what OpenSassy actually sets — verified by reviewing the platform's code, not a generic template.
The short version
OpenSassy does not set any browser cookies. We don't use cookies for login, preferences, or analytics. Instead, the app stores a small number of items in your browser's localStorage and sessionStorage — these work similarly to cookies (they sit on your device) but are never sent automatically with every request the way a cookie is, and there is no cookie consent banner because there is nothing here that PECR's cookie rules apply to in the traditional sense. We still document everything stored, in the spirit of transparency.
What we actually store (localStorage / sessionStorage)
Audited directly against the OpenSassy web codebase. None of these are sent to a server automatically — they're read by the page's own JavaScript and attached to API requests (e.g. as an Authorization header) when needed.
Strictly necessary required to use the platform
Keep you signed in and scoped to the right business/customer account. Without these you'd be logged out on every page load.
Functional improves the experience, not essential
Remember interface state and onboarding progress — no personal data.
Session-only (sessionStorage)
Cleared automatically when you close the tab.
Analytics / advertising / third-party tracking
None. OpenSassy has no Google Analytics, Meta Pixel, PostHog, Mixpanel, Hotjar, or any other tracking or advertising script wired in as of this audit. If that changes, this page (and a cookie consent banner) will be updated before the change ships — COUNSEL: confirm the process for re-auditing this page is contractually required before any analytics is added.
Supabase authentication
OpenSassy's sign-up/login flow on some pages uses Supabase Auth in the browser. By default this also persists its session in localStorage (not a cookie). If this changes to a cookie-based Supabase session in a future build, this section will be updated to reflect that. COUNSEL: confirm no first-party cookie is set server-side by any current route before this page is finalised — verify against a live response, not just the code.
Managing or clearing this data
Because nothing here is a cookie, your browser's cookie controls won't show or block it. Instead:
- Logging out clears your session token directly.
- Your browser's "Clear site data" / "Clear browsing data" → Site settings/Cookies and site data for the-sassy.com will remove everything listed above.
- Disabling localStorage in your browser will prevent you from staying logged in to OpenSassy.
Your rights
Under UK GDPR you have the right to access, correct, and delete personal data we hold, including any identifiers stored in your browser. Contact hello@the-sassy.com to exercise these rights. See our Privacy Policy for the full picture of what we process.
Changes
We will update this policy whenever the platform starts storing something new in the browser, or starts using actual cookies (e.g. if we add analytics). The date above reflects the last code audit.