Cookie Notice

a cookie is a small piece of data a website asks your browser to store. it can hold a session token, a preference, or an analytics identifier. some live for one tab, some for a year. browsers also have similar tools called localStorage and sessionStorage. for the purposes of this notice we treat all of them together as "cookies and similar storage".

we use plain-language categories below: strictly necessary (you cannot use the site without these), analytics (we count visits, anonymously), and third-party (set by services we embed, like Stripe for payments).

1. Strictly necessary, first-party.

• Supabase auth tokens stored in your browser localStorage (keys beginning with sb-). this is how we keep you logged in across page loads. without these you cannot sign in. they are removed when you log out or clear your browser storage.
• Cloudflare bot management may set __cf_bm automatically. this protects the site from bots and abuse. it expires within 30 minutes of inactivity and contains no tracking identifier across sites.

2. Analytics, cookieless.

• Cloudflare Web Analytics on public pages. our hosting provider Cloudflare measures aggregate visit counts at the edge level. this is cookieless and uses no persistent identifier in your browser. we see counts like "the homepage was visited 200 times today" and rough request volumes. we do not see who you are, only that someone visited a given page. there is no script storing anything in your browser for this.

some pages embed services from other companies. those services may set their own cookies when you interact with them. we do not control these cookies. we link to each company's privacy notice so you can read theirs directly.

• Cloudflare Stream serves our films. Cloudflare Stream is part of our hosting infrastructure (we use Cloudflare for the whole site). it does not set advertising or tracking cookies. video delivery uses Cloudflare's standard CDN infrastructure. you can read Cloudflare's privacy policy.
• Stripe handles subscription payments. when you check out for a paid plan, Stripe Checkout loads on the payment step and may set its own cookies for fraud prevention and session continuity. read Stripe's cookie policy.
• Anthropic powers the weaver and Pro Search. requests go through our server, so Anthropic does not set cookies in your browser.

to be clear about what we are not doing:

• no Google Analytics, Google Tag Manager, or any Google tracking
• no Facebook Pixel, Meta tracking, or social-media trackers
• no Hotjar, Mixpanel, Amplitude, PostHog, Segment, or session-replay tools
• no advertising or retargeting cookies, anywhere, ever
• no cross-site tracking
• no selling, sharing, or trading of any data with advertisers

browser controls. you can block, delete, or limit cookies and storage in your browser settings. blocking strictly-necessary cookies will break login. blocking third-party cookies may affect Stripe checkout.

logging out. logging out clears your Supabase auth tokens.

opting out of analytics. Cloudflare Web Analytics is cookieless and measured at the edge, so there is no individual identifier to opt out of. requests to the site that Cloudflare routes are counted in aggregate regardless of browser settings. if you want to avoid being counted, you would need to avoid loading reweave pages.

do not track. we honor browser Do Not Track signals where reasonably possible. given that we do not run any cross-site tracking in the first place, DNT does not change much for reweave specifically.

under the EU ePrivacy Directive and UK PECR, websites must obtain consent before storing non-essential cookies. our position:

• strictly necessary cookies and storage (Supabase auth, Cloudflare bot management) are exempt from consent under the standard ePrivacy carve-outs.
• Cloudflare Web Analytics is measured at the edge level with no client-side cookie and no persistent identifier, so it does not require consent under most EU regulators' guidance.
• Stripe only loads when you check out for a subscription. films are served via Cloudflare Stream which is part of our existing infrastructure and does not require a separate affirmative action to load. we are evaluating a more formal consent surface for EU visitors as the platform grows.

if you are an EU or UK resident and want to exercise your rights to access, delete, or restrict data, email [email protected]. our privacy policy explains the full set of rights and our response process.

if we add a new third-party service or change how we use cookies and storage, we will update this page and bump the date at the top. continued use of reweave after a change means you accept the updated notice.

questions about cookies, storage, or anything related: [email protected]