Cookie Policy
This policy explains the cookies and similar local‑storage technologies pomela uses, why we use them, and how you control them. It supplements the Privacy Policy.
1 · What these technologies are
A cookie is a small text file a site stores in your browser. We also use localStorage and IndexedDB: browser stores that keep data on your device and are never sent automatically to a server. We group all of these as “cookies” below for simplicity.
2 · How we use them
We keep this deliberately small. pomela uses strictly‑necessary storage to work at all, and a thin layer of anonymous, aggregate analytics. We do not use advertising cookies, cross‑site trackers, or third‑party marketing pixels.
3 · The cookies we set
| Name / key | Type | Purpose | Lifespan |
|---|---|---|---|
vs_session | Strictly necessary | Your signed‑in session (HttpOnly, first‑party). Without it you cannot stay logged in. | ~30 days |
vs_device | Strictly necessary | A device credential that ties your locally‑built apps to this browser before you sign in, and that powers abuse rate‑limits. | ~1 year |
pomela:* / vs:creator:* (localStorage) | Strictly necessary | Your consent choice, theme, language, onboarding state, and the list of apps you’ve built on this device. | Until cleared |
| Anonymous usage events | Analytics (optional) | Aggregate counts (apps generated, sign‑ins, crashes) keyed to a random device id, never your name, email, or app content. Used only to keep the product reliable. | Rolling |
4 · Your consent & choices
On your first visit we show a consent banner. Strictly‑necessary storage is always on (the product cannot function without it, and it is exempt from consent under the ePrivacy rules). The optional analytics layer is enabled only if you accept; choosing “Essential only” keeps it off.
- Change your mind: clear this site’s data in your browser to re‑trigger the banner, or adjust analytics in Settings.
- Browser controls: every major browser lets you block or delete cookies and site data. Blocking the strictly‑necessary ones will sign you out and may break parts of the app.
- Do Not Track / Global Privacy Control: we honour a GPC signal by defaulting the optional analytics layer to off.
5 · Third parties
A few infrastructure providers may set their own strictly‑necessary cookies when you use pomela: Cloudflare (edge delivery and bot protection) and Supabase (authentication and storage). Apps you build may load their own resources; you control what your app includes. We do not embed advertising or social‑media trackers. See our Sub‑processors list.
6 · Apps you build
Apps generated with pomela store their end‑users’ data under per‑user isolation (see the Data Processing Agreement). If your app sets its own cookies or storage, you are the controller for that and are responsible for your app’s own cookie disclosure.
7 · Changes
If we add or change a cookie we’ll update this page and, where the change is material, re‑surface the consent banner. Questions: [email protected].