1. What cookies are
Cookies are small text files stored on your device when you visit a website. Similar technologies include local storage, session storage, and web beacons. Cookies can be “first-party” (set by us) or “third-party” (set by a service we embed). They can also be “session” (deleted when you close the browser) or “persistent” (remain for a defined period).
2. The cookies we use today
We currently use only strictly necessary cookies. These are required for the site to function, so consent is not required under EU and UK law — but we disclose them here for transparency.
| Cookie / storage | Set by | Purpose | Duration |
|---|---|---|---|
sb-*-auth-token | Supabase (first-party) | Keeps you signed in to the client portal | 1 hour (rotating) |
locale | GFC Scale (first-party) | Remembers your language preference (en / es) | 1 year |
gfc-consent | GFC Scale (first-party) | Stores your cookie consent choice so we do not ask again | 12 months |
Stripe cookies (set on checkout.stripe.com only) | Stripe (third-party) | Fraud prevention and payment session continuity | Up to 1 year — see Stripe’s cookie policy |
3. Cookies we may add in the future
We do not currently use analytics, advertising, or social-media cookies. If we add any of these in the future, we will:
- Update this policy and the cookies table above;
- Surface a cookie consent banner that asks for your explicit consent before any non-essential cookie is set; and
- Give you an “Accept,” “Reject all,” and per-category choice with equal prominence.
4. How to manage cookies
You can manage your cookie preferences here at any time:
You can also block or delete cookies through your browser settings. Most browsers let you refuse all cookies, refuse third-party cookies only, or delete existing cookies. The links below explain how:
Blocking strictly necessary cookies will prevent parts of the Services from working (for example, you may not be able to sign in to the client portal).
5. Do Not Track and Global Privacy Control
We honour the Global Privacy Control (GPC) signal sent by your browser as an opt-out of sale or sharing under California law. Because we do not currently sell or share personal data, the practical effect is the same — but the signal is recorded.
6. Changes to this policy
We’ll update this page when our cookie use changes. Check the “Last updated” date above to confirm you are reading the current version.
7. Questions
legal@gfcscale.com. See also our Privacy Policy.