Cookies and local storage
SupplierMafia uses a small number of cookies and browser storage entries to keep you signed in, remember your preferences, and speed up the dashboard. We do not use third-party advertising or analytics cookies.
1. What is a cookie?
A cookie is a small file that a website stores on your device. Cookies and the related "local storage" mechanism let a site remember information between visits. We use only the minimum needed to run the platform.
2. Cookies and storage we use
Authentication (Supabase)
When you sign in, Supabase Auth sets a session cookie or local-storage entry that proves you are signed in for the rest of your visit. Without it you would need to log in on every page load. These entries are essential and cannot be disabled if you want to use the platform.
| Name | Purpose | Lifetime |
|---|---|---|
| sb-*-auth-token | Keeps you signed in. Set by Supabase Auth. | Session, refreshed automatically |
| sb-*-refresh-token | Renews the auth token without making you log in again. | Until sign-out |
Preferences and cache
The platform writes a handful of entries to your browser's local storage to remember preferences and speed up the dashboard. Everything below stays on your device. Nothing here is sent to a third party.
| Name (or pattern) | Purpose | Lifetime |
|---|---|---|
| sm_dark | Your dark-mode choice. | Until you clear it |
| sm_muted | Whether you muted the notification ping. | Until you clear it |
| sm_active_sid, sm_admin_active_cid, sm_supplier_active_bid | The conversation you last had open, so a refresh lands you back in the same chat instead of the dashboard root. | Session |
| sm_sidebar_collapsed, sm_conv_list_collapsed, sm_supplier_conv_list_collapsed, sm_supplier_panel_collapsed | Whether you've collapsed the navigation or chat-list sidebars. | Until you clear it |
| sm_draft:<id>, sm_supplier_draft:<id> | Half-typed messages so closing or refreshing the tab doesn't lose what you were writing in each conversation. | Until you send the message or clear it |
| sm_ann_last_seen, sm_supplier_ann_last_seen, sm_activity_last_seen_v1, sm_supplier_activity_seen, sm_admin_activity_seen | Watermarks for announcements + activity bells so the unread counters reflect what you've already viewed and new signups start with a clean slate (not flagged as unread for everything older than their signup time). | Until you clear it |
| sm_cache_*, sm_sup_*, sm_adm_* | Cached supplier, conversation, and invoice lists so the dashboard paints instantly on the next mount instead of waiting for the network. | Up to 5 minutes per entry |
| __sm_ls | Health check the app runs on startup to confirm local storage is writable. The entry is removed immediately after the check. | A few milliseconds |
If we add a new preference key we will add it to this table on the next material update. None of these entries are tracking devices — they're all per-tab functional storage.
3. Analytics cookies (optional, opt-in only)
We run Google Analytics 4 to understand how the platform is used in aggregate. Analytics is configured with Google Consent Mode v2, defaulting every storage category to "denied". Nothing is set on your device or sent to Google for analytics purposes until you click "Accept analytics" on the cookie banner that appears on your first visit. You can change your choice at any time via the "Cookie preferences" link in the site footer, or by re-loading the banner from your settings.
| Cookie (or storage key) | Set by | Purpose | Lifetime |
|---|---|---|---|
| sm_analytics_consent | SupplierMafia | Remembers your accept/reject choice for analytics cookies so the banner doesn't reappear on every visit. | Until you clear it |
| _ga, _ga_* | Google Analytics 4 | Distinguishes unique visitors and sessions, with IP anonymisation enabled. Only written after you accept analytics on the banner. We do not enable advertising, remarketing, or cross-context behavioural targeting. | 13 months (Google default; we have not extended) |
No analytics cookie is set unless you actively consent. Rejecting analytics is a one-click action on the banner, equally prominent as accepting. Your choice is stored in browser localStorage (the sm_analytics_consent key above), which is itself a functional storage entry.
4. Other third-party services
Beyond analytics, the only third-party cookies that may be set are those Supabase needs to authenticate your session. Google Sign-In, if you choose to use it, may set its own cookies on Google's domains under Google's policies.
5. Managing cookies
You can clear cookies and local storage at any time from your browser settings. If you clear the SupplierMafia entries you will be signed out and your dark-mode and notification preferences will reset to defaults. Most browsers also let you block cookies for specific sites; doing so for SupplierMafia will prevent you from signing in. To re-open the analytics consent banner without clearing anything, click "Cookie preferences" in the site footer.
6. Changes to this notice
If we add or change cookies materially we will update this page and the "Last updated" date at the top.
7. Contact
Questions? Email hello@suppliermafia.com.