New: CheckVibe MCP server — scan from Claude Code and Cursor nativelyRead the docs
Last updated: May 17, 2026 (v2.0)
This Cookie Policy explains how CheckVibe (“we,” “us,” or “our”) uses cookies and similar storage technologies on the checkvibe.dev website and the related platform (the “Service”), and what choices you have about their use. This Policy supplements, and should be read together with, our Privacy Policy and Terms of Service.
“Cookies” are small text files placed on your device by a website that you visit. They are widely used to make websites work, to make them work more efficiently, to remember preferences, and to provide site operators with information. We use the term “cookies” in this Policy to refer to cookies and other similar browser-storage and device-storage technologies, including HTML5 localStorage, sessionStorage, IndexedDB, pixel tags, web beacons, service workers, and similar mechanisms used by us or our subprocessors.
Cookies may be “session” cookies (deleted when you close your browser) or “persistent” cookies (remaining on your device until they expire or are deleted). Cookies may be set by us (“first-party cookies”) or by third-party services we engage (“third-party cookies”).
CheckVibe's own website and dashboard use only cookies that are strictly necessary for the operation of the Service. We do not use advertising cookies, retargeting pixels, or cross-site behavioral-tracking cookies on our own properties.
| Name / Pattern | Purpose | Category | Duration |
|---|---|---|---|
| sb-*-auth-token | Authentication session managed by Supabase. Stores your encrypted login session so you stay signed in across page loads. | Strictly Necessary | Up to 7 days (sliding) |
| sb-*-auth-token.0, .1, ... | Chunked authentication cookies used when the encrypted session token exceeds a single cookie's size limit. Same purpose as above. | Strictly Necessary | Up to 7 days (sliding) |
| cv-consent | Records that you have acknowledged our cookie banner so we do not re-display it on every page load. | Strictly Necessary | Up to 12 months |
| cv-csrf, __Host-csrf | Cross-site request forgery (CSRF) protection. Helps prevent malicious sites from submitting requests on your behalf. | Strictly Necessary | Session |
| localStorage / sessionStorage | In-browser storage used to cache UI state (such as your dashboard layout, draft form input, and feature-flag values) so the Service feels responsive. | Strictly Necessary | Until you clear browser storage |
The exact cookie names may vary by environment. The full set of cookies issued during a session is visible in your browser's developer tools.
These cookies are essential for the website and Service to function and cannot be switched off in our systems. They are set in response to actions you take that constitute a request for service (logging in, filling in forms, saving project settings, navigating the dashboard). Without these cookies, the Service cannot operate. These cookies do not store any personally identifiable information beyond what is necessary for the requested service. Under the ePrivacy Directive (Art. 5(3)) and equivalent national implementations, these cookies are exempt from consent requirements.
We currently do not set any optional functional or preference cookies on our own website and dashboard beyond those required to operate the Service.
We do not currently deploy third-party analytics cookies (such as Google Analytics or Mixpanel) on our public website. Where we use product analytics inside the authenticated dashboard (for example, PostHog), this is configured to operate without cross-site tracking cookies and to minimize personal data. If we later introduce analytics cookies that require consent, we will request your consent through the cookie banner before they are set.
We do not serve advertising, run remarketing or retargeting campaigns, or use advertising cookies, conversion pixels, or interest-based advertising tags on our own properties. We do not allow third-party advertising networks to collect data on our website.
We do not embed third-party social-media plug-ins (such as “Like” or “Share” widgets) that would set third-party cookies on our domain.
When you interact with our payment flow, Stripe (our payment processor) may set its own cookies on the stripe.com domain to process your payment, prevent fraud, and provide its service. Those cookies are controlled by Stripe and are governed by Stripe's Cookie Policy and Privacy Policy. CheckVibe has no control over these third-party cookies.
Service-provider cookies set by infrastructure providers (such as Vercel for hosting and Supabase for authentication) are first-party in nature when they appear on our domain. They support availability, security, and authentication and are necessary for the Service.
CheckVibe offers an optional threat-detection JavaScript snippet that customers may install on their own websites to detect malicious traffic, bots, and abuse. This script does not place persistent advertising cookies or build cross-site advertising profiles. It may use short-lived first-party cookies or browser-storage values on the customer's site to persist a request fingerprint, detect repeat probes, or rate-limit suspicious clients.
Customer responsibility. If you (the customer) deploy this script on your site, you are responsible for disclosing its use in your own privacy and cookie notices and, where required by the ePrivacy Directive, GDPR, CCPA/CPRA, or other applicable law, for obtaining the appropriate consent from your visitors before the script reads from or writes to their device. CheckVibe acts as your processor for this data; see our Data Processing Addendum.
Because we only use strictly necessary cookies on our own properties, disabling them will prevent you from logging in and using CheckVibe. If you still wish to manage cookies, you can do so through your browser settings:
You can also opt out of certain online tracking through industry portals such as Your Online Choices (EU), NAI (US), and DAA (US). These industry opt-outs do not apply to strictly necessary cookies and do not opt you out of authentication on our Service.
Please note that blocking strictly necessary cookies will impair the functionality of our Service, including your ability to sign in, run scans, and access your dashboard.
Different browsers offer “Do Not Track” (DNT) and Global Privacy Control (GPC) signals that let you express a privacy preference. Because we do not engage in cross-context behavioral advertising and we do not sell personal data, these signals do not change the strictly necessary cookies we use. To the extent required by applicable law (including the CCPA/CPRA as interpreted by the California Attorney General), we treat a GPC signal as a valid opt-out request for any future processing that would be subject to opt-out under that law.
The cookies we set on our own website are strictly necessary to provide the Service you have requested. Under Article 5(3) of the ePrivacy Directive 2002/58/EC and its national implementations, strictly necessary cookies are exempt from consent requirements. We therefore do not require a separate opt-in for these cookies. We display a one-time banner acknowledging cookie use and linking to this Policy.
If, in the future, we introduce optional analytics, functional, or marketing cookies, we will request your explicit consent through a consent-management mechanism before any such cookie is set, and you will be able to withdraw consent at any time.
We may update this Cookie Policy from time to time to reflect changes in technology, law, our business practices, or for other operational, legal, or regulatory reasons. The current version is always available at checkvibe.dev/cookies with a “Last updated” date and version number. For material changes (such as the introduction of new categories of cookies), we will provide reasonable notice and, where required, request consent before such cookies are deployed.
If you have questions about our use of cookies or similar technologies, contact us at support@checkvibe.dev.
See also: Privacy Policy · Terms of Service · DPA · Subprocessors
