Cookies
Cookie policy
The whole policy fits on one page because we only set cookies the service needs to work. No advertising cookies, no analytics cookies, no cross-site anything.
The cookies we set
Keeps a host signed in between visits. Set by our authentication provider, Supabase, on our own domain.
The private editing key that lets a guest return to their own draft. HttpOnly, one per page, useless to anyone else.
Remembers that you entered a journal PIN correctly so you are not asked on every page.
All three are strictly necessary: the service cannot sign you in, hold your draft, or honor a PIN without them, which is why they do not require a consent choice. Dismissing our cookie notice is remembered in your browser's local storage, not a cookie.
Third parties
If you open our checkout or billing portal, you are on Stripe's pages and Stripe sets its own cookies for payment security and fraud prevention, governed by Stripe's cookie policy. We embed no other third-party services in your browser: no ad networks, no analytics scripts, no social pixels, no tag managers.
Managing cookies
Your browser can block or delete cookies at any time. Blocking ours simply signs hosts out, forgets guest drafts on that device, and re-asks for journal PINs; nothing else about the site breaks, and public journals stay readable.
Where this fits
This policy is part of our privacy policy and terms of service. If we ever add a cookie, it gets listed here first and the notice reappears. Questions: privacy@staypage.co.
Last updated July 2026