1. What is a cookie
A cookie is a small text file stored by your browser when you visit a site. Similar technologies include local storage, session storage, and small pixel-based identifiers. Together, these are often called "cookies" in plain language.
2. Cookies we set today
The cookies and similar technologies currently used by Invoset are listed below. We do not currently run third-party analytics or marketing cookies.
| Name | Provider | Purpose | Duration | Category |
|---|---|---|---|---|
| sb-<ref>-auth-token | Supabase | Authenticated session | 1 hour, refreshed automatically | Strictly necessary |
| sb-<ref>-auth-token-code-verifier | Supabase | OAuth PKCE flow | 10 minutes | Strictly necessary |
| invoset_cookie_consent | Invoset | Stores your consent choice | 12 months | Strictly necessary |
| __stripe_mid, __stripe_sid | Stripe | Fraud prevention on the checkout page | 1 year / 30 minutes | Strictly necessary |
If we add analytics or marketing cookies in the future, this table will be updated and the cookie banner will require your consent before any non-essential cookies load.
3. Categories explained
Strictly necessary
Required for the site and app to function. These cannot be turned off through the consent banner because the service would break. All cookies in the table above are in this category.
Analytics
Invoset does not currently run third-party analytics on its public site or dashboard. If we add a privacy-respecting analytics provider in the future, we will update this policy and require consent before any non-essential analytics cookies load.
Marketing
Invoset does not run third-party advertising, retargeting, or cross-context behavioral marketing cookies. We may use first-party UTM parameters in our own outbound emails for campaign attribution, but no third-party marketing identifiers are set on visitors.
4. Your choices
- Use the cookie banner to accept or decline non-essential cookies on first visit
- Reopen your preferences from the link in the footer of any page
- Block or delete cookies in your browser settings
- Send us a request to delete identifiers tied to your account
Note: blocking strictly necessary cookies may break authentication and core functionality.
5. California rights: sale, sharing, and sensitive personal information
We do not sell personal information, and we do not share personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act. We do not knowingly process Sensitive Personal Information for any purpose that requires a Right to Limit mechanism.
If you are a California resident and would like written confirmation of our practices, or would like to submit a verifiable request to know, delete, correct, or limit the use of your personal information, email legal@invoset.com with the subject line "CCPA Request". We respond within 45 days as required by §1798.130.
6. Changes
We may update this Cookie Policy as we add or remove tools. The "Last updated" date will reflect any changes.
7. Contact
Questions about this Cookie Policy: write to legal@invoset.com.