Skip to content
Trust

Cookies and browser storage

A plain-English summary of the cookies and browser storage Crumb uses across the marketing site, the dashboard and guest menus. We do not currently use advertising, cross-site tracking, session replay, or third-party analytics on Crumb pages.

Effective · Last updated · Version 2026-07-10.2

Supabase authentication token

Strictly necessary
Where
Dashboard (crumb.menu, when signed in)
Purpose
Keeps you signed in to your workspace.
Storage
Browser localStorage, key set by the Supabase JavaScript SDK.
Retention
Until sign-out or session expiry.

Menu language and appearance preferences

Functional
Where
Guest menus and dashboard
Purpose
Remembers the guest's selected language and small UI preferences (for example dark/light).
Storage
Browser localStorage.
Retention
Until the user clears their browser data.

Per-tab guest-menu session identifier

Functional
Where
Guest menus (m.*)
Purpose
Pseudonymous per-tab identifier so restaurants can see aggregate menu analytics (dish opens, filter usage). Not linked to a name, email or device.
Storage
Browser sessionStorage.
Retention
Cleared automatically when the tab closes.

Per-tab founding-pilot session identifier

Functional
Where
Founding-pilot marketing pages
Purpose
Pseudonymous per-tab identifier used to measure funnel steps on the founding-pilot pages (page view, CTA click, application start/complete). Not linked to a name, email or device.
Storage
Browser sessionStorage.
Retention
Cleared automatically when the tab closes.

Signed-in session token

Functional
Where
Dashboard and other signed-in areas
Purpose
Keeps you signed in between page loads once you sign in to your workspace. Set only after you sign in — never on public marketing pages or guest menus.
Storage
Browser localStorage.
Retention
Until you sign out or clear your browser data.

Paddle checkout cookies

Third party
Where
Checkout overlay on pricing pages
Purpose
Set by Paddle during checkout for payment processing, fraud prevention and tax handling. Paddle acts as an independent controller — see Paddle's own privacy notice.
Storage
Cookies set by Paddle on its own domains.
Retention
Governed by Paddle.

Google sign-in

Third party
Where
Only when a user clicks 'Sign in with Google'.
Purpose
Google's own OAuth flow may set cookies on Google's domains for authentication and abuse prevention.
Storage
Cookies set by Google on its own domains.
Retention
Governed by Google.

Managing cookies and storage

You can clear cookies and browser storage at any time from your browser's settings. Clearing the Supabase authentication token will sign you out of the dashboard. Clearing menu preferences will reset language and appearance choices. Closing a guest-menu tab automatically clears the per-tab session identifier.

Payment-related cookies set by Paddle during checkout, and authentication cookies set by Google when you use Google sign-in, are governed by those providers' own policies.

Related documents: Privacy Notice · Subprocessors · Security

Questions? privacy@crumb.menu