Cookie Policy
Last updated: 2026-04-30
Cookie Policy
This policy explains the cookies and similar storage that CalProof uses, why we use them, and how you can control them. CalProof is a trading name of Crocker Digital Ltd, registered in England and Wales under Company No. 17008789.
CalProof is a working tool for calibration teams, not a marketing site, so we keep our cookie use to a minimum. We do not use third-party advertising cookies and we do not use cookies to build a profile of your browsing across other websites.
1. What cookies we use
A cookie is a small text file that a website saves on your device. CalProof also uses related browser storage such as localStorage for short-lived UI preferences. For simplicity, this policy uses "cookies" to cover both.
We group the cookies and storage we use into two categories: strictly necessary, and functional. We have no analytics cookies, no advertising cookies, and no third-party tracking cookies.
2. Strictly necessary cookies
Strictly necessary cookies are required for the service to function. You cannot opt out of these without breaking the service. They are set when you sign in or when you submit a form that requires CSRF protection.
| Cookie | Purpose | Provider | Lifetime |
|---|---|---|---|
sb-access-token |
Holds the short-lived JWT that authenticates your session against the Supabase API. | Supabase (first-party) | Session |
sb-refresh-token |
Lets the app refresh your access token without forcing you to sign in again on every page load. | Supabase (first-party) | 30 days, sliding |
csrf |
A per-form CSRF token used to protect state-changing requests. | CalProof (first-party) | Session |
These cookies are first-party, set with the Secure, HttpOnly (where applicable), and SameSite=Lax flags, and are cleared when you sign out.
3. Analytics — no cookies
We measure aggregate page-view counts using GoatCounter, a privacy-respecting analytics service. GoatCounter is configured in cookieless mode: it does not set any cookie, does not retain IP addresses beyond 24 hours, and does not allow individual users to be re-identified across sessions.
Because GoatCounter does not store anything on your device, no consent banner is needed for analytics. We chose this approach deliberately so that we can measure how the service is used without weighing the experience down with consent prompts.
4. Functional cookies
Functional cookies remember small UI choices so the app behaves the way you expect. None of them carry personal data beyond the minimum needed for the feature.
| Cookie | Purpose | Provider | Lifetime |
|---|---|---|---|
plan_tier_cache |
Caches your subscription plan tier client-side so dashboard pages can render without a round-trip to the billing service. Cleared on sign-out. | CalProof (first-party) | Session |
theme |
Remembers your chosen colour scheme (light or dark). | CalProof (first-party, localStorage) | 1 year |
last_seen_release_notes |
Tracks which release-notes version you have read so we can show a small dot when there is something new. | CalProof (first-party, localStorage) | 1 year |
You can clear functional storage at any time from your browser settings, or by signing out of CalProof; the app will recreate the entries with their defaults the next time you sign in.
5. No third-party advertising cookies
We do not run advertising campaigns that depend on cookies, retargeting, or cross-site tracking. We do not embed advertising tags from Google, Meta, LinkedIn, or any other ad network on the authenticated parts of the service. The only third-party services that the application talks to in normal use are listed on our Sub-processors page.
6. Browser controls
Most browsers let you control cookies and similar storage through their settings. You can usually:
- block all cookies, although this will prevent CalProof from working because authentication cookies are required;
- block third-party cookies only, which CalProof tolerates because we do not rely on third-party cookies;
- delete cookies for individual sites, including CalProof;
- ask the browser to clear cookies and site data when you close it.
For step-by-step instructions, see your browser's help pages:
- Chrome: https://support.google.com/chrome/answer/95647
- Edge: https://support.microsoft.com/en-gb/microsoft-edge
- Firefox: https://support.mozilla.org/en-US/kb/clear-cookies-and-site-data-firefox
- Safari: https://support.apple.com/en-gb/guide/safari/sfri11471/mac
If you visit calproof.co.uk from inside the EU or UK and we ever introduce a cookie that is not strictly necessary or first-party functional, we will ask for your consent through a banner before the cookie is set, in line with PECR and UK GDPR.
7. Why we keep cookies minimal
We are aware that the average web app sets dozens of cookies the moment a page loads, often before any consent is given. We have chosen the opposite path on CalProof for two reasons.
First, calibration teams typically work inside a quality system that frowns on data leaving the organisation without a clear purpose. Every cookie we set is one more thing for an internal IT or compliance review to assess. Keeping the list short and obvious makes those reviews quick.
Second, most analytics and advertising cookies do not actually help us run a better B2B tool. We measure aggregate page views in cookieless mode, and we ask people directly when we want feedback. That gives us better signal than a behavioural funnel ever would, and it leaves your browser cleaner.
If we ever change our mind on this — for example, to add a session-replay tool that helps us debug a specific problem — we will say so on this page, ask for consent if the law requires it, and tell active customers by email before the change takes effect.
8. Contact
For any question about cookies on CalProof, email privacy@calproof.co.uk. The wider rules on how we handle personal data are in our Privacy Policy.