Cookie Policy

Cookies are small text files that are placed on your device when you visit a website. They are widely used to make websites work, to improve efficiency, and to provide information to the site owners.

Similar technologies, such as local storage, session storage, and pixel tags, may be used for comparable purposes. In this policy, we use the term "cookies" to refer to all these technologies.

We use cookies to: (a) enable essential functionality such as authentication and security; (b) remember your preferences; (c) measure and improve how the Service performs; (d) protect against fraud and abuse; and (e) attribute partner referrals accurately.

We do not use cookies to build advertising profiles about you or to show you targeted advertising.

We group cookies into four categories. Strictly necessary cookies are always active and cannot be disabled. All other categories require your consent where required by law, and can be managed at any time through our cookie preferences panel.

These cookies are essential for the Service to function. They allow you to navigate the site, log in, and use secure areas. Without them, the Service cannot work properly.

Examples: Supabase authentication session cookies (store your login session), cookie consent record (stores your cookie choices), CSRF protection tokens, and the Bellafy partner referral cookie when you arrive through a partner link (stores the partner's code so commissions are correctly attributed). The partner referral cookie is a first-party cookie used only to fulfill the function requested by clicking the referral link.

Retention: session duration up to 13 months, depending on the cookie.

These cookies remember choices you make to improve your experience, such as language preferences or recently viewed items.

Examples: language and locale preferences.

Retention: up to 12 months.

These cookies help us understand how visitors use the Service, which pages are popular, and how we can improve the product. The information is aggregated and does not directly identify you.

Examples: Google Analytics cookies (_ga, _gid, _ga_*) set by Google LLC.

Retention: up to 24 months.

These cookies are set by our security providers to detect bots, prevent fraud, and protect the Service.

Examples: Cloudflare Turnstile challenge cookies set during anti-bot verification, and Stripe security cookies set when loading the Stripe checkout on our website.

Retention: varies, typically session to 12 months.

Strictly necessary: Supabase auth session, cookie consent record, partner referral code (when applicable), CSRF token.

Functional: language and locale preferences.

Analytics: Google Analytics (_ga, _gid, _ga_*).

Security: Cloudflare Turnstile, Stripe (when checkout is loaded).

We maintain this list in good faith. Third-party providers may update their own cookies from time to time; we will review and update this policy periodically.

Some cookies are placed by third parties we use to operate the Service. These third parties have their own privacy and cookie policies that govern how they handle data:

Google LLC — Google Analytics: https://policies.google.com/privacy

Stripe, Inc. — https://stripe.com/privacy

Cloudflare, Inc. — https://www.cloudflare.com/privacypolicy/

Supabase Inc. — https://supabase.com/privacy

Vercel Inc. — https://vercel.com/legal/privacy-policy

When you first visit the Service, we display a cookie banner that allows you to accept, reject, or customize non-essential cookies. You can change your preferences at any time through the cookie preferences panel accessible from the footer of our website.

You can also control cookies through your browser settings. Most browsers allow you to block or delete cookies. Please note that blocking strictly necessary cookies may affect the functionality of the Service.

We honor the Global Privacy Control (GPC) signal where required by applicable law. When a GPC signal is detected, we treat it as an opt-out of non-essential analytics and sharing for that browser.

If you live in a jurisdiction where consent is not legally required for analytics cookies, these cookies may be loaded by default but can still be disabled from the cookie preferences panel.

When you interact with our cookie banner, we store a record of your choice to demonstrate compliance. This record includes your consent status (accepted, rejected, or customized), your IP address, a timestamp, and the version of the banner shown. This information is stored in our Supabase database and is retained for at least 13 months.

You can review or withdraw your consent at any time from the cookie preferences panel.

We may update this Cookie Policy when we add, change, or remove cookies. The "Last updated" date at the top of this page reflects the most recent revision. If we make material changes, we will notify you through the Service.

If you have questions about this Cookie Policy, please contact us:

Bellafy LLC

[Registered agent address, Wyoming]

Email: privacy@bellafy.app

In the event of any conflict between the English version of this Cookie Policy and any translated version, the English version shall prevail.