Cookies Policy

Cookies are small text files stored on your device when you visit a website. They’re widely used to make sites work, or work more efficiently, and to provide information to the people who run them.

We only use cookies that are strictly necessary to deliver the Service you’ve asked for. We do not use cookies for advertising, profiling, or third-party tracking.

• Sign-in cookies— set by Supabase Auth when you log in. Keep your session alive across pages so you don’t have to sign in on every visit.
• Subscription & trial cookies — small session data we read on the server to show the right dashboard for trial vs paid accounts. First-party only.
• Tutor review unlock— if you’re a tutor with the shared review password, we set an encrypted cookie (ignite-review-unlock) to remember you’ve unlocked the review tool. Lasts up to 14 days. Not set for normal parent accounts.
• CSRF / state cookies — short-lived cookies set by Next.js and Stripe Checkout to protect you against cross-site request forgery during sign-in and checkout flows.
• Stripe billing — when you visit a checkout or billing page, Stripe sets its own session cookies on its own domain. These are required for the payment flow to work safely.

We use Vercel Analytics in a privacy-friendly mode that does not store personal data, does not set tracking cookies, and does not build a profile of you across sites. It tells us things like “the pricing page got 800 visits this week” — never anything that identifies you.

If we ever add an analytics tool that uses non-strictly- necessary cookies, we’ll show you a consent banner first and won’t set them until you opt in.

We use Sentry to capture crash reports so we can fix bugs quickly. Sentry sets a first-party cookie only if an error happens during your visit, and we’ve configured it not to send personally identifying data along with the report.

• Advertising cookies — we don't run ads, anywhere.
• Social media tracking pixels — Facebook, X, TikTok, none of them.
• Third-party profiling cookies that track you across other sites.
• Re-marketing or retargeting cookies.

You can clear cookies and site data from your browser’s settings at any time. If you clear our sign-in cookie you’ll be signed out — that’s expected and your account is safe.

You can also use your browser’s “Do Not Track” or strict tracking-prevention modes; we don’t set anything those modes will object to.

If we change the cookies we use, we’ll update this page and bump the “Last updated” date. Material changes will also be communicated by email.