Cookies and browser storage
A plain-English summary of the cookies and browser storage Crumb uses across the marketing site, the dashboard and guest menus. We do not currently use advertising, cross-site tracking, session replay, or third-party analytics on Crumb pages.
Effective · Last updated · Version 2026-07-10.2
Supabase authentication token
Strictly necessary- Where
- Dashboard (crumb.menu, when signed in)
- Purpose
- Keeps you signed in to your workspace.
- Storage
- Browser localStorage, key set by the Supabase JavaScript SDK.
- Retention
- Until sign-out or session expiry.
Menu language and appearance preferences
Functional- Where
- Guest menus and dashboard
- Purpose
- Remembers the guest's selected language and small UI preferences (for example dark/light).
- Storage
- Browser localStorage.
- Retention
- Until the user clears their browser data.
Per-tab guest-menu session identifier
Functional- Where
- Guest menus (m.*)
- Purpose
- Pseudonymous per-tab identifier so restaurants can see aggregate menu analytics (dish opens, filter usage). Not linked to a name, email or device.
- Storage
- Browser sessionStorage.
- Retention
- Cleared automatically when the tab closes.
Per-tab founding-pilot session identifier
Functional- Where
- Founding-pilot marketing pages
- Purpose
- Pseudonymous per-tab identifier used to measure funnel steps on the founding-pilot pages (page view, CTA click, application start/complete). Not linked to a name, email or device.
- Storage
- Browser sessionStorage.
- Retention
- Cleared automatically when the tab closes.
Signed-in session token
Functional- Where
- Dashboard and other signed-in areas
- Purpose
- Keeps you signed in between page loads once you sign in to your workspace. Set only after you sign in — never on public marketing pages or guest menus.
- Storage
- Browser localStorage.
- Retention
- Until you sign out or clear your browser data.
Paddle checkout cookies
Third party- Where
- Checkout overlay on pricing pages
- Purpose
- Set by Paddle during checkout for payment processing, fraud prevention and tax handling. Paddle acts as an independent controller — see Paddle's own privacy notice.
- Storage
- Cookies set by Paddle on its own domains.
- Retention
- Governed by Paddle.
Google sign-in
Third party- Where
- Only when a user clicks 'Sign in with Google'.
- Purpose
- Google's own OAuth flow may set cookies on Google's domains for authentication and abuse prevention.
- Storage
- Cookies set by Google on its own domains.
- Retention
- Governed by Google.
Managing cookies and storage
You can clear cookies and browser storage at any time from your browser's settings. Clearing the Supabase authentication token will sign you out of the dashboard. Clearing menu preferences will reset language and appearance choices. Closing a guest-menu tab automatically clears the per-tab session identifier.
Payment-related cookies set by Paddle during checkout, and authentication cookies set by Google when you use Google sign-in, are governed by those providers' own policies.
Related documents: Privacy Notice · Subprocessors · Security
Questions? privacy@crumb.menu