Cookie Policy
Last updated: March 30, 2026
1. What Are Cookies
Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences, keep you logged in, and improve your experience. Some cookies are essential for the site to function, while others are optional and require your consent.
2. How We Use Cookies
SonetHub uses a minimal set of cookies, primarily for authentication and user preferences. We do not use cookies for advertising, retargeting, or cross-site tracking.
3. Essential Cookies
These cookies are strictly necessary for SonetHub to function. They cannot be disabled. Without them, the app would not work.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
sb-*-auth-token | Supabase authentication — keeps you logged in and verifies your identity on each request. | Session (refreshed automatically) | HttpOnly, Secure |
NEXT_LOCALE | Stores your language preference (English or Spanish) so the interface displays in your chosen language. | 1 year | Standard |
active_workspace_id | Caches your selected workspace to avoid a database lookup on every page load. | 1 year | HttpOnly, Secure |
onboarding_complete | Caches whether you've completed the onboarding flow to avoid checking the database on each visit. | 1 year | HttpOnly, Secure |
cookie_consent | Stores your cookie consent preferences (which categories you accepted or declined). | 1 year | Standard |
4. Temporary Security Cookies
These cookies are set during the OAuth authorization flow when you connect a social media account. They protect against cross-site request forgery (CSRF) and ensure the authorization completes securely. They expire automatically after 10 minutes and are never used for tracking.
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
oauth_state | CSRF protection token during social account authorization. | 10 minutes | HttpOnly, Secure |
oauth_method | Tracks which OAuth flow variant is in progress (e.g., Instagram Login vs Facebook Login). | 10 minutes | HttpOnly, Secure |
twitter_code_verifier | PKCE code verifier for the X (Twitter) OAuth 2.0 authorization flow. | 10 minutes | HttpOnly, Secure |
tiktok_code_verifier | PKCE code verifier for the TikTok OAuth 2.0 authorization flow. | 10 minutes | HttpOnly, Secure |
linkedin_account_type | Stores whether you are connecting a personal or company LinkedIn account during authorization. | 10 minutes | HttpOnly, Secure |
5. Optional Cookies (Require Consent)
These cookies are only set if you give your explicit consent via the cookie banner. They are not required for the app to function.
Analytics
| Service | Purpose | Data Collected | Provider |
|---|---|---|---|
| Sentry | Error tracking and performance monitoring. Helps us detect and fix bugs faster. | Error stack traces, browser/OS info, page URL. No personal data (names, emails, content) is sent. | Sentry (Functional Software, Inc.) |
We do not currently use any marketing or advertising cookies. If this changes, we will update this policy and request your consent before setting any such cookies.
6. Local Storage
In addition to cookies, we use your browser's local storage for:
- Cookie consent preferences (
sonethub-cookie-consent) — Stores your cookie category choices so we don't ask again on every visit.
Local storage data stays on your device and is never sent to our servers.
7. Managing Your Preferences
You can change your cookie preferences at any time:
- Click the "Cookie Preferences" link in the page footer
- Clear your browser's cookies and local storage (this will reset all preferences and sign you out)
- Use your browser's built-in cookie management settings
8. Third-Party Services
When you use SonetHub, certain third-party services process data on our behalf. These services may set their own cookies on their own domains (not on sonethub.com):
- Stripe — Payment processing. When you visit the Stripe checkout or billing portal (hosted on stripe.com), Stripe may set its own cookies. See Stripe's privacy policy.
- Supabase — Authentication and data storage. Auth cookies listed above are set by Supabase's SDK. See Supabase's privacy policy.
Social media platforms (Instagram, Facebook, X, LinkedIn, TikTok, YouTube, Threads, Pinterest, Bluesky) do not set cookies on sonethub.com. OAuth authorization happens on the platform's own domain.
9. Updates to This Policy
We may update this cookie policy when we add or remove cookies. Material changes will be reflected in the "Last updated" date above. If we introduce new categories of non-essential cookies, we will request your consent again.
10. Contact
For questions about our use of cookies, contact us at info@sonethub.com.