Back to MultiloopBack
PrivacyTermsCookiesPreferences
Sign In
PrivacyTermsCookiesPreferences

Cookie Policy

Last updated: May 22, 2026

This policy explains the cookies, browser storage, and analytics-related technologies Multiloop uses.

Plain English Summary

  • Essential cookies keep sign-in, security, share access, and consent records working.
  • Optional Multiloop analytics cookies are off until you accept analytics.
  • Vercel Web Analytics runs in production for service measurement and is separate from the optional Multiloop analytics cookies listed below.
  • No advertising or marketing pixel is loaded today.

1. Scope

This policy explains how Multiloop uses cookies and similar browser storage technologies, including localStorage. It should be read with our Privacy Policy.

2. Categories

Multiloop groups cookies and similar storage into three categories. You can change optional choices any time on the cookie preferences page.

  • Essential: always on. Authentication, security, share access, app functionality, and the consent record itself. Without these the site does not work correctly.
  • Analytics: optional and default off for Multiloop-set analytics cookies, first-party conversion records, and first-party funnel stitching. Used to understand product usage and improve reliability.
  • Marketing: optional and default off. Reserved for future ad-platform pixels. Nothing is loaded today.

Browser storage for product preferences, drafts, UI state, and feature state is part of the essential category when it is needed for the in-product experience.

3. Cookies We Use

3.1 Essential Authentication, Security, and Access Cookies

These cookies are required for login, account security, protected access, and consent records.

Cookie NamePurposeDurationCategory
sb-*-auth-tokenSupabase auth session cookie or cookie family.Session and/or provider-managed TTL.Essential
sb-*-auth-token-code-verifierPKCE authentication flow support.Session.Essential
trusted_deviceTwo-factor trusted-device state.Up to 30 days.Essential/Security
share_session_{shareCode}Access state for password-protected share pages.Up to 24 hours.Essential/Security
ml_consentRecords your cookie category choices.Up to 1 year.Essential

Exact Supabase cookie names and durations can vary by environment and provider behavior. Blocking essential cookies can break sign-in and protected access flows.

3.2 Optional Multiloop Analytics Cookies

These are set only after you choose Accept all in the cookie banner, save analytics as enabled in the preference center, or otherwise accept analytics. If analytics is rejected or revoked, these cookies are cleared where possible.

Cookie NamePurposeDurationCategory
ml_attrFirst-touch attribution snapshot, such as UTM source, medium, campaign, referrer host, and landing path.Up to 30 days.Analytics
ml_sidAnonymous session id used to connect pre-account funnel steps and consent events.Up to 180 days.Analytics

3.3 Production Web Analytics

We use Vercel Web Analytics in production for product and performance measurement. This is separate from the optional Multiloop analytics cookies above. Our wrapper removes query strings and hashes, suppresses auth callback pages, and replaces sensitive share codes with generic path labels before analytics events are sent.

Share-link analytics may also store pseudonymous event fields server-side, such as hashed viewer identifiers, referrer, and user-agent data.

3.4 Marketing Cookies

None today. If we add a third-party advertising pixel in the future, it will be loaded only after you accept the marketing category and it will be listed here.

4. Local Storage

We also use localStorage and similar browser storage for functionality and preference persistence.

Key or FamilyPurpose
themeTheme and UI preferences.
feature/tutorial flagsDismissal, onboarding, and feature state.
draft and UI cache keysClient-side convenience state for app features.

localStorage is stored in your browser profile on your device. Depending on feature behavior, stored state can affect later server interactions when you use the app.

5. Third Parties

Third-party providers used by the app or optional auth flows may set, read, or rely on technical cookies or storage in connection with service delivery.

  • Supabase: authentication cookies and session handling
  • Vercel: hosting, runtime, and Vercel Web Analytics in production
  • Cloudflare: infrastructure, security processing, and Turnstile challenge processing on signup and waitlist forms
  • Google: provider-managed cookies or storage if you choose Google auth flows
  • Apple: provider-managed cookies or storage if you choose Apple auth flows
  • Discord: provider-managed cookies or storage if you choose Discord auth or linking flows

Operational monitoring and incident-routing tooling such as Better Stack is handled server-side and does not currently add separate browser cookies through the app.

6. Managing Cookies

6.1 Preference Center

The fastest way to change optional Multiloop browser tracking choices is the cookie preferences page. You can accept or reject the analytics and marketing categories there at any time.

When you change preferences, we record an append-only audit row with the policy version and the categories you accepted. We do not store your IP address with this consent record.

6.2 Essential Cookies

Essential cookies cannot be disabled through Multiloop without losing core functionality. If you delete auth cookies, you will be logged out and may need to sign in again.

6.3 Browser Settings

You can also manage cookies in browser settings:

  • Google Chrome
  • Mozilla Firefox
  • Safari
  • Microsoft Edge

6.4 Clearing Local Storage

You can clear localStorage through browser developer tools or by clearing site data in browser privacy settings.

7. Updates to This Policy

We may update this policy as technologies or service behavior changes. Material changes will be communicated through appropriate notice mechanisms.

8. Contact

Questions about cookies or browser storage: privacy@multiloop.app or contact@multiloop.app.

Related Policies

Privacy PolicyTerms of Service
Privacy Policy·Terms of Service·Cookies·Cookie Preferences

© 2026 Multiloop. All rights reserved.

Questions? Contact us at contact@multiloop.app. Privacy requests: privacy@multiloop.app