Private BetaInvite only. 3 spots daily.

Session & Authentication Policy

KestrelVoice does not use tracking cookies, advertising cookies, or third-party analytics cookies. We use only essential session cookies required for authentication and security.

What We Store in Your Browser

Supabase Authentication Session

When you log in, Supabase (our authentication provider) stores a JWT session token in an HTTP-only cookie. This cookie is essential for keeping you authenticated across page navigations and API requests.

  • Purpose: Maintain your login session
  • Type: HTTP-only, Secure, SameSite=Lax
  • Duration: Session-based or up to 7 days with “Remember me”
  • Third-party access: No — HTTP-only means JavaScript cannot read it
  • Provider: Supabase (supabase.com)

No Tracking or Advertising Cookies

We do not use Google Analytics, Meta Pixel, Mixpanel, Segment, or any other third-party tracking services. We do not build advertising profiles or share browsing behavior with third parties for marketing purposes.

Local Storage (Optional Features Only)

Some dashboard features store minimal UI preferences (such as sidebar collapse state or dark mode preference) in your browser's localStorage. This data never leaves your device and is not transmitted to our servers.

How Authentication Works

  1. Login: You enter your credentials on our login page. Credentials are sent directly to Supabase over TLS 1.3.
  2. Session Creation: Supabase validates your credentials and issues a JWT token. This token is stored in an HTTP-only cookie by your browser.
  3. API Requests: Every request to /api/* automatically includes this cookie. Our server validates the token with Supabase to identify your account and enforce tenant-scoped data access.
  4. Logout: Clicking “Sign Out” clears the cookie from your browser and invalidates the session on Supabase. You are immediately signed out on all devices.

What We Do NOT Store in Your Browser

×Advertising identifiers or retargeting pixels
×Cross-site tracking cookies
×Analytics session IDs from third parties
×Social media embed cookies
×Fingerprinting scripts
×Marketing automation cookies

Managing Your Session

  • Sign out: Use the “Sign Out” button in your dashboard to clear your session immediately.
  • Browser settings: You can block all cookies in your browser settings, but this will prevent login and dashboard access.
  • Clear cookies: Clearing cookies for kestrelvoice.com will sign you out but does not delete your account data from our servers.
  • Session expiry: Sessions expire automatically after 7 days of inactivity (or sooner if configured by your administrator).

Questions?

If you have questions about how we handle sessions, authentication, or data storage, contact our security team:

Contact: Use our contact form for security and privacy inquiries.
Related: Privacy Policy · Terms of Service

Last Updated: May 18, 2026