Your current choice is stored on your device and can be changed at any time from Settings. Withdrawing consent is as easy as giving it.
1. What is a cookie?
A cookie is a small piece of text your browser stores when it visits a website. It lets the website recognise you on later visits, keep you logged in, or remember your preferences. In this document we also cover localStorage, sessionStorage and similar browser-storage mechanisms — they work differently technically but raise the same privacy questions, so we treat them together.
2. Categories we use
We group everything we set into two categories. The distinction matters because only the second requires your consent under EU law.
2.1 Strictly necessary (no consent required)
These items are required to deliver the Service you asked for — logging in, processing a payment, remembering your cookie choice. We set them regardless of your consent state, as allowed by Article 82 of the French Loi Informatique et Libertés (and equivalents across the EU).
| Name | Purpose | Storage | Duration | Set by |
|---|---|---|---|---|
| sb-<project>-auth-token | Authenticated session (JWT) | Cookie | 1 hour, auto-refreshed | Supabase |
| sb-<project>-refresh-token | Session refresh (keeps you logged in) | Cookie | Up to 30 days | Supabase |
| nexus-cookie-consent | Remembers your cookie choice | localStorage | Until you clear it or revoke | Nexus Trade |
| __stripe_mid, __stripe_sid | Fraud prevention during checkout | Cookie | __stripe_mid: 1 year; __stripe_sid: 30 min | Stripe |
| theme, locale (future) | UI preferences (dark mode, language) | localStorage | Until cleared by user | Nexus Trade |
None of these items are shared with third parties for advertising or profiling. Stripe's fraud-prevention cookies are set only on the billing and pricing pages where Stripe.js runs.
2.2 Non-essential — opt-in only
These items are never set unless you have explicitly clicked "Accept all" on the cookie banner. They are removed if you later choose to revoke consent.
| Name | Purpose | Storage | Duration | Set by |
|---|---|---|---|---|
| sentry-* | Captures JavaScript errors and stack traces so we can fix bugs | Cookie / localStorage | Session or short-lived (under 30 days) | Sentry |
We do not currently run analytics (no Google Analytics, no Plausible, no Mixpanel), no advertising cookies, no social-network pixels. If we add any, we will update this page and re-prompt you for consent.
3. Third-party sources
Some cookies listed above are set by third parties through code running on our site:
- Supabase (authentication) — set only when you log in. supabase.com/privacy
- Stripe (payments) — set only on pages where Stripe.js runs (checkout, pricing). stripe.com/privacy
- Sentry (errors, optional) — active only after explicit consent. sentry.io/privacy
4. How to change your choice
Three ways, each as effective as the others:
- Open Settings from your account menu — the cookie section lets you re-show the banner or switch your choice.
- Clear the
nexus-cookie-consentkey from localStorage in your browser's DevTools. The banner will reappear on the next page load. - Use your browser's built-in cookie controls to block or delete cookies. Note that blocking strictly-necessary cookies (the Supabase auth cookies in particular) will stop you from logging in — this is technical, not something we control.
5. "Do Not Track" and Global Privacy Control
The Do Not Track (DNT) header is not a reliable signal and is ignored by most websites. We do not rely on it alone; your cookie-banner choice always takes precedence.
We treat the newer Global Privacy Control (GPC) signal, when sent by your browser, as an opt-out from non-essential cookies — equivalent to pressing "Reject non-essential" on the banner.
6. Changes to this policy
If we add or remove cookies, we will update this page and, for material changes, bump the consent version so the banner reappears to request fresh consent. The "Last updated" date at the top always reflects the most recent substantive change.
7. Contact
Questions about this policy or about a specific cookie you've seen on our site? Write to privacy@nexustradestudio.com.