Cookie Policy
Last updated: 2026-06-18
1. What are cookies?
Cookies are small text files that a website stores in your browser to remember information between page loads and sessions.
2. Cookies we use
EloLin uses only strictly necessary cookies. Because we are a passwordless service, session cookies are the only mechanism that keeps you signed in — there is no password-based alternative.
| Name | Purpose | Duration | Type |
|---|---|---|---|
| sb-<ref>-auth-token | Supabase session JWT — keeps you signed in across pages and products on *.elolin.com. | ~1 week | Strictly necessary |
| sb-<ref>-auth-token-code-verifier | PKCE code verifier used during the OAuth sign-in flow to prevent interception attacks. Deleted immediately after sign-in completes. | Minutes (OAuth flow only) | Strictly necessary |
Both cookies are set with the following security attributes: HttpOnly (not accessible from JavaScript), Secure (HTTPS only), SameSite=Lax (protects against CSRF), and scoped to Domain=.elolin.com.
3. Third-party cookies
We do not set third-party advertising or tracking cookies. When you sign in via Google or GitHub, those providers may set their own cookies on their respective domains — those are governed by their own privacy policies and are outside our control.
Cloudflare Web Analytics — the tool we use for page-view statistics — is cookieless by design and does not set any cookies.
4. How to disable or delete cookies
You can clear cookies through your browser's settings at any time. However, deleting the auth cookies above will sign you out of all EloLin products. Because sign-in requires a session cookie, disabling cookies entirely will prevent you from using the service.
5. Updates to this policy
If we add new cookies, we will update this page and notify you in the app. The updated policy takes effect immediately upon posting.
Questions? hello@elolin.com.