Cookie Policy
Last updated 20 April 2026
1. Summary
Norrstone Vault uses only strictly-necessary cookies and a small amount of local storage. We do not use analytics, advertising, tracking, profiling, or session-replay cookies, and we do not sell or share data captured from cookies with third parties for advertising.
Because every cookie we set is strictly necessary to deliver the Service you asked for, EU and UK cookie law does not require your prior consent for them. We still show a short notice on first visit so you know what is happening.
2. What is a cookie?
A cookie is a small text file a website stores on your device to remember information between page loads or visits. Some cookies come from us (first-party); others may come from services we use (third-party). Local storage and session storage are similar technologies built into your browser. This page covers all of them.
3. Cookies we set
| Name | Provider | Purpose | Expires |
|---|---|---|---|
| sb-*-auth-token | Supabase (first-party, proxied) | Keeps you signed in. Stores your session so you don't have to log in on every page. | On sign out, or up to 1 year if you stay signed in. |
| post_login_redirect | Norrstone | Remembers which page you were trying to reach when you were asked to sign in, so we can take you there afterwards. | A few minutes, cleared after sign-in. |
| pending_claim_token | Norrstone | If you opened a certificate-claim link before signing in, this remembers which certificate to claim once you're in. | A few minutes, cleared after sign-in. |
| norrstone_cookie_notice_seen_v1 | Norrstone (local storage) | Remembers that you saw the cookie notice so we don't show it again. | Until you clear your browser storage. |
4. What we do not use
- No analytics providers (no Google Analytics, PostHog, Mixpanel, Amplitude, Segment, etc.).
- No advertising or retargeting cookies.
- No session-replay or heatmap tools.
- No social-media tracking pixels.
If this ever changes — for example, if we add a product-analytics tool — we will update this page and prompt you to review a consent choice before the new cookie is set.
5. Third-party services
Some pages embed content hosted by third parties (for example, Stripe's hosted payment and invoice pages). Those pages may set their own cookies under their own privacy and cookie policies. You only reach those pages by taking a specific action such as making a payment. See our Sub-processors page for the full list.
6. Managing cookies
Because every cookie we set is strictly necessary, disabling them will prevent you from signing in or staying signed in. You can still delete them from your browser at any time — your browser settings explain how. Clearing cookies will sign you out of Norrstone Vault.
If you have questions about cookies, email privacy@norrstone.com.
7. Changes
We may update this Cookie Policy from time to time. If we make material changes we will update the "Last updated" date and, where appropriate, notify you through the Service.