Cookie Policy

Last updated: 21 March 2026

Marklet does not use third-party tracking cookies or advertising cookies. We use minimal browser storage strictly necessary to operate the service.

1. What are cookies?

Cookies are small text files stored by your browser when you visit a website. We also use localStorage - a similar browser storage mechanism that persists between sessions without expiry. This policy covers both.

2. What we store and why

We use the following types of browser storage:

Authentication cookies (Supabase Auth)

  • What: HTTP-only session cookies set by Supabase Auth after you sign in.
  • Why: Required to keep you logged in and to verify your identity on each request.
  • Duration: Session-based; refreshed automatically while you are active. Expire when you sign out or after a period of inactivity.
  • Third party: Supabase Inc. - see Supabase Privacy Policy.

Auth state (localStorage)

  • What: Your Supabase auth session token cached in localStorage by the Supabase JS client.
  • Why: Allows the app to restore your session on page reload without an additional server round-trip.
  • Duration: Cleared on sign-out or session expiry.
  • PII stored: User ID and authentication token only - no name, email, or other personal data.

Session cookie (marklet_token)

  • What: An HttpOnly, SameSite=Strict cookie set by Marklet's server when you sign in.
  • Why: Allows the server to verify your identity before delivering protected application code (JavaScript files for authenticated pages). This prevents unauthenticated crawlers from downloading private parts of the application.
  • Duration: 1 hour; refreshed automatically when your session token rotates. Cleared on sign-out.
  • PII stored: Contains your short-lived access token only - the same credential already held in localStorage by the Supabase client.

Block preferences (localStorage)

  • What: Your currently selected block workspace, stored by the Marklet UI.
  • Why: Remembers which building workspace you were last working in so you don't have to re-select it on every visit.
  • Duration: Persists until you clear your browser storage or sign out.
  • PII stored: Block ID (an internal identifier) only - no personal data.

3. What we do NOT use

  • No advertising or marketing cookies.
  • No third-party analytics services (e.g. Google Analytics, Mixpanel, Hotjar).
  • No social media tracking pixels.
  • No cross-site tracking of any kind.

Our internal analytics track only which pages are visited within the app. No IP addresses, device fingerprints, or location data are recorded.

4. Legal basis

The authentication cookies and localStorage entries described above are strictly necessary for the service to function. Under the UK Privacy and Electronic Communications Regulations (PECR), strictly necessary cookies do not require explicit consent. We do not set any non-essential cookies.

5. How to control or delete cookies

Since all storage we use is strictly necessary, disabling it will affect your ability to use Marklet (you will not be able to stay signed in). You can manage cookies and localStorage through your browser settings:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions

You can also clear Marklet's localStorage manually via your browser's Developer Tools (Application → Local Storage → marklet.io → Clear all).

6. Changes to this policy

We will update this policy if we introduce new storage mechanisms. Any material changes will be communicated via an in-app notice before they take effect.

Questions about cookies or browser storage? Contact us at privacy@marklet.io.