Cookie Policy
Last updated: April 27, 2026
This Cookie Policy explains how Noydo (operated by Oktay Kırık) ("Noydo", "we", "us", or "our") uses cookies and similar technologies on our website at noydo.com and our related services (the "Service"). It supplements our Privacy Policy.
By using the Service, you agree to the use of cookies as described below. You can change or withdraw your consent at any time by adjusting your browser settings (see Section 5).
1. What Are Cookies?
Cookies are small text files that a website stores on your device (computer, tablet, or phone) when you visit it. They are widely used to make websites work, to remember your preferences, and to provide information to the site's owners. "Similar technologies" include local storage, session storage, and other browser storage mechanisms that work like cookies.
2. Categories of Cookies We Use
We use only strictly necessary cookies and similar storage. We do not use advertising cookies, cross-site tracking cookies, or third-party marketing cookies, and we do not sell your information.
2.1 Strictly Necessary — Authentication
These cookies are required for the Service to function. Without them, you cannot sign in or stay signed in. They cannot be turned off in our system, but you can block them in your browser at the cost of breaking sign-in.
| Cookie / Storage | Provider | Purpose | Type | Duration |
|---|---|---|---|---|
sb-*-auth-token | Supabase | Stores your authenticated session so you stay signed in. | HTTP-only | Up to 1 year (refreshed on use) |
sb-*-auth-token.0, sb-*-auth-token.1, … | Supabase | Chunked variants of the above when the session token is large. | HTTP-only | Up to 1 year (refreshed on use) |
The * in cookie names is replaced by your Supabase project reference at runtime. These cookies are set as HttpOnly and Secure and are read on the server only — they cannot be accessed by JavaScript in your browser.
Mobile app. The Noydo mobile app does not use cookies. Authentication tokens are stored on your device using AES-256 encrypted secure storage (
expo-secure-store) and are never transmitted to third parties.
2.2 Strictly Necessary — Performance & Analytics
We use Vercel Web Analytics and Vercel Speed Insights to understand aggregated traffic and performance. Both are configured by Vercel to be cookieless — they do not store cookies in your browser and do not track you across other websites. They process anonymized request metadata (such as page path, referrer, and timing) on our behalf to help us keep the Service fast and reliable.
If Vercel changes this behavior in the future, we will update this Policy.
2.3 What We Do Not Use
- Advertising cookies
- Cross-site or third-party tracking cookies
- Social-media tracking pixels
- Profiling or behavioral-targeting cookies
- Session-replay or screen-recording tools
3. Third-Party Cookies From Sign-In Providers
If you choose to sign in with Google or GitHub, you will be redirected to that provider's domain to authenticate. The provider may set its own cookies on its own domain during that flow. Those cookies are controlled by the provider and governed by the provider's privacy and cookie policies — we do not have access to them. After you return to Noydo, only the Supabase authentication cookies described in Section 2.1 are set on our domain.
If you sign in with the email magic link instead, no third-party sign-in cookies are involved at all.
4. Legal Basis (GDPR)
For users in the European Economic Area, the United Kingdom, and Switzerland:
- Strictly necessary cookies (Section 2.1) are stored on the basis of our legitimate interest in providing the Service you requested (Art. 6(1)(f) GDPR), and because they are exempt from consent under Article 5(3) of the ePrivacy Directive as they are strictly necessary to deliver a service you have requested.
- Cookieless analytics (Section 2.2) do not involve storing or accessing information on your device, so they fall outside the scope of the consent requirement under Article 5(3) of the ePrivacy Directive.
We will request your explicit consent before introducing any non-essential cookies in the future.
5. How to Control Cookies
Because we only set strictly necessary cookies, we do not display a cookie banner. You can still manage cookies at the browser level:
- Chrome — Settings → Privacy and security → Cookies and other site data
- Safari — Settings → Privacy → Manage Website Data
- Firefox — Settings → Privacy & Security → Cookies and Site Data
- Edge — Settings → Cookies and site permissions → Manage and delete cookies
Blocking or deleting the Supabase authentication cookies will sign you out and prevent you from signing back in until you allow them again.
6. Do Not Track
Some browsers send a "Do Not Track" (DNT) signal. Because we do not engage in cross-site tracking and do not set advertising cookies, DNT signals do not change how the Service operates.
7. Changes to This Policy
We may update this Cookie Policy from time to time, for example if we add a new sub-processor or change a cookie's purpose or duration. When we make material changes, we will update the "Last updated" date and, where required by law, provide additional notice (such as an in-app message or email).
8. Contact Us
If you have questions about this Cookie Policy or how we use cookies, contact:
Noydo (operated by Oktay Kırık) Email: privacy@noydo.com