Pactbound

Cookie Policy

Effective: April 13, 2026. DMG L&D, LLC, a Florida limited liability company.

1. Overview

Pactbound uses only strictly necessary cookies. We do not use advertising cookies, analytics cookies, tracking pixels, social media cookies, or any other cookies that are not essential to the operation of the Service. This Cookie Policy explains exactly what cookies we set, why we set them, and how long they last.

2. What Are Cookies

Cookies are small text files placed on your device by a website when you visit. They are stored in your browser and sent back to the originating website on subsequent visits. Cookies serve different purposes: some are essential for a website to function, others are used to remember your preferences, and others are used to track your behavior across websites for advertising purposes. Pactbound uses only the first category: "strictly necessary" cookies.

3. Cookies We Set

The following cookies are set by Pactbound and its authentication provider (Supabase), and are first-party (set on the pactbound.com domain). One exception: hCaptcha, our bot-protection provider, may set its own cookies on its own domain when a challenge is displayed on the signup, login, or acknowledgment forms. Those are strictly necessary to prevent automated abuse.

sb-[project-ref]-auth-token

Purpose
Stores your encrypted Supabase Auth session token. Required to keep you logged in between page requests. Set by Supabase Auth (SSR) on the pactbound.com domain.
Duration
Session / up to 1 hour (refreshed automatically on activity)
Type
Strictly necessary

sb-[project-ref]-auth-token.0

Purpose
Overflow chunk for the auth session token when the cookie payload exceeds 4KB. Works in conjunction with the primary auth token cookie. Only set when the session data requires chunking.
Duration
Session / up to 1 hour
Type
Strictly necessary

sb-[project-ref]-auth-token.1

Purpose
Additional overflow chunk, same purpose as the .0 variant. Only set when required.
Duration
Session / up to 1 hour
Type
Strictly necessary

4. Why These Cookies Are Strictly Necessary

Authentication session cookies are required for the Service to function. Without them, you cannot log in, create handoffs, access your dashboard, or perform any authenticated action. The Service cannot be provided without these cookies. There is no less privacy-invasive alternative to maintaining an authenticated session across page requests in a server-rendered web application. These cookies contain no personal data: they contain only an encrypted, opaque session identifier. The actual session data is stored server-side in our Supabase database and is never written into the cookie itself.

5. What We Do NOT Use

  • No Google Analytics, Google Tag Manager, or any Google tracking scripts.
  • No Facebook Pixel, Meta Events, or any Meta tracking.
  • No advertising networks or demand-side platforms (DSPs).
  • No cross-site tracking cookies.
  • No third-party session recording tools (Hotjar, FullStory, etc.).
  • No A/B testing platforms that set cookies.
  • No social media share buttons that track you across sites.
  • No browser fingerprinting for tracking, profiling, or advertising. Our bot-protection provider (hCaptcha) analyzes device and interaction signals solely to tell humans from bots on the signup, login, and acknowledgment forms.

6. No Cookie Consent Banner Required

Under the EU ePrivacy Directive (implemented in EU member state laws) and the UK PECR, cookies that are "strictly necessary" for a service explicitly requested by the user are exempt from the requirement to obtain prior consent. Because Pactbound sets only strictly necessary authentication cookies, we do not display a cookie consent banner. This is a deliberate policy choice, not an oversight.

7. Browser Storage (Not Cookies)

In addition to cookies, Pactbound may use browser localStorage or sessionStorage for temporary application state: for example, preserving draft handoff form state between page reloads or storing UI preferences. This data is stored only on your device, is never transmitted to our servers independently, and does not identify you. You can clear this data at any time through your browser's developer tools or storage settings.

8. How to Control Cookies

All modern browsers allow you to view, manage, and delete cookies. You can also configure your browser to refuse cookies. Note that blocking authentication cookies will prevent you from logging into Pactbound. Instructions for managing cookies in common browsers:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Settings → Safari → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions → Cookies and site data

9. Do Not Track

Some browsers offer a "Do Not Track" (DNT) signal. Because Pactbound does not track users for advertising or analytics purposes, DNT signals do not change the behavior of our cookies. We already operate at the privacy level DNT signals request.

10. Changes to This Policy

If we change the cookies we use: for example, if we add analytics tools in the future: we will update this Cookie Policy and, if the new cookies are not strictly necessary, implement an appropriate consent mechanism before setting them. The effective date above reflects the current version.

11. Contact

For questions about this Cookie Policy, contact privacy@pactbound.com. DMG L&D, LLC, a Florida limited liability company.