Cookie policy
Everything intle stores in your browser, who sets it, how long it lasts, and which items need your consent — under the Privacy and Electronic Communications Regulations 2003 (PECR) and ICO guidance.
Last updated: 11 June 2026 · Policy version 1
What cookies are
Cookies are small files a website stores in your browser; the same rules cover similar storage such as localStorage and sessionStorage, which we list below too. Strictly necessary items work without consent because the service you asked for cannot function without them. Everything else stays off until you opt in — and “Reject all” is always one click, with the site fully functional afterwards.
Strictly necessary cookies
| Name | Set by | Lifetime | Purpose | Category & justification |
|---|---|---|---|---|
| sb-*-auth-token (and PKCE verifier) | Supabase (first-party) | About 1 week, refreshed while signed in | Keeps you signed in securely. | Strictly necessary. Authentication — PECR Reg 6(4) exemption. |
| intle-activity | intle (first-party, HttpOnly) | Up to the session's absolute timeout window | Enforces idle and absolute session timeouts for account security. | Strictly necessary. Security of the service you requested. |
| intle-consent | intle (first-party) | 6 months | Remembers your cookie choices so we don't re-ask on every visit. | Strictly necessary. Storing a consent decision is itself exempt. |
| sidebar_state | intle (first-party) | 7 days | Remembers whether the app sidebar is open or collapsed. | Strictly necessary. User-interface preference you set. |
| Cloudflare Turnstile challenge | Cloudflare (challenges.cloudflare.com) | Minutes (challenge-scoped) | Bot and fraud prevention on the sign-in and sign-up forms only. Loads when you open those forms, never on ordinary browsing. | Strictly necessary. Fraud prevention / security for the sign-in you requested. |
Strictly necessary browser storage
| Name | Set by | Lifetime | Purpose | Category & justification |
|---|---|---|---|---|
| theme | intle (localStorage) | Until cleared | Light/dark mode preference. | Strictly necessary. User preference. |
| intle:session-sounds-enabled | intle (localStorage) | Until cleared | Remembers your sound on/off choice in live sessions. | Strictly necessary. User preference. |
| intle-editor-seen · intle_first_gen_celebrated · intle_generator_toured | intle (localStorage) | Until cleared | One-time UI hints (first-visit tour, one-off celebration) so we never repeat them. | Strictly necessary. UI state; no tracking, never sent anywhere. |
| intle_generator_design_pulsed · intle_sticky_cta_dismissed | intle (sessionStorage) | Until the tab closes | Per-tab UI state (dismissed banner, one-off animation). | Strictly necessary. UI state; no tracking. |
| intle_pending_brief · intle_pending_templates | intle (sessionStorage) | Until the tab closes | Carries the course brief and template selection you typed across the sign-up redirect so you don't lose your work. | Strictly necessary. Strictly necessary to deliver the action you explicitly started. |
Performance & analytics — only with your consent
| Name | Set by | Lifetime | Purpose | Category & justification |
|---|---|---|---|---|
| Vercel Analytics (script + beacon, cookieless) | Vercel (va.vercel-scripts.com) | No cookie set | Aggregate page views and product events (e.g. which CTA was clicked). | Analytics. Loads only after you opt in. |
| Vercel Speed Insights (script + beacon, cookieless) | Vercel (vitals.vercel-insights.com) | No cookie set | Core Web Vitals performance measurements. | Analytics. Loads only after you opt in. |
| intle page-view counter (first-party beacon) | intle (/api/track-view) | No cookie set | Counts marketing-page views. We store a one-way hash of your IP address and browser signature — never the raw values — to de-duplicate views. | Analytics. Fires only after you opt in. |
| Sentry session replay (error-only) | Sentry (browser SDK) | No tracking cookie | When an error occurs, a fully-masked replay (all text, inputs and media hidden) helps us fix it. | Analytics. Enabled only after you opt in. If you withdraw consent mid-visit, replay stops on the next page load. |
Marketing
We use no marketing or advertising cookies today. The marketing toggle in our preferences exists so that if we ever add advertising measurement (for example Google Ads or LinkedIn tags), it will be opt-in from day one and listed here before it ships.
Error monitoring (not consent-based)
We use Sentry to capture application errors under our legitimate interest in keeping the service working. This sets no tracking cookies, never collects your IP address or headers by default, and every report passes through a redaction layer that strips emails, tokens and identifiers. Session replay is separate: it is consent-gated under the analytics toggle above.
Managing your preferences
Change your choices any time — we re-ask at most every six months, or sooner if this policy materially changes. We also keep a time-stamped record of consents and withdrawals (with hashed identifiers only) as required by ICO guidance. You can additionally clear or block cookies in your browser settings; blocking strictly necessary cookies will break sign-in.
Related: Privacy policy