Last updated: April 2026 · Effective immediately on publication.
Cookies are small files a website stores in your browser to remember things between visits. This page lists every cookie Seoxpert sets, what each one is for, how long it lasts, and how to change your consent.
We split cookies into three categories matching the consent banner:
If you decline a category, the corresponding scripts are not loaded at all — we use the manageScriptTags integration of vanilla-cookieconsent so non-essential tags only run after acceptance.
| Name | Purpose | Duration |
|---|---|---|
| cc_cookie | Stores your cookie-consent choices so we don't prompt on every visit. | 6 months |
| sb-…-auth-token | Authenticates you to the dashboard. Set by Supabase when you sign in. | Session / 1 hour refresh |
| sb-…-refresh-token | Lets the dashboard renew your session without forcing you to sign in again. | Up to 30 days |
If you accept analytics in the cookie banner, we load Google Analytics 4. Google sets the following cookies under the seoxpert.io domain:
| Name | Purpose | Duration |
|---|---|---|
| _ga | Distinguishes returning visitors so traffic stats are not double-counted. | 2 years |
| _ga_<property-id> | Per-property GA4 session identifier. | 2 years |
Google's privacy practices are documented at policies.google.com/privacy. If you decline analytics, none of these cookies are set and no GA scripts are loaded.
None today. The category is reserved for future tools (advertising pixels, conversion trackers). When we add anything in this category we will update this page, increment the consent revision so all visitors are re-prompted, and explicitly request consent for the new tools.
You can change your cookie preferences at any time:
Withdrawing consent stops new tags from loading. Cookies set during a previous consent stay on your device until they expire or you delete them through the browser. If you want them removed immediately, clear them in your browser settings.
Every accept, reject, or change is logged to our consent_events table along with a timestamp and a one-way hashed copy of your IP. We keep this record because the GDPR requires us to be able to demonstrate that consent was freely given. Hashes are produced with a salt that rotates daily; the original IP cannot be recovered from a hash. The hash and timestamp are kept for the lifetime of the consent record so the audit trail is intact.
Most browsers let you block, allow, or delete cookies independently of the consent banner. Documentation:
Blocking strictly-necessary cookies will break the site (you won't be able to sign in). Blocking analytics or marketing cookies has no impact on functionality.
We respect the Global Privacy Control (GPC) signal — if your browser sends GPC, we treat it as a withdrawal of analytics and marketing consent. We don't honour the older "Do Not Track" header because the browser-vendor working group never agreed on a canonical interpretation; the consent banner is the authoritative mechanism.
If we add cookies, change durations, or change purposes, we will update this page and increment the consent revision so every visitor is prompted again. We log every revision change so we can prove who consented to which version.
For broader detail about how we handle personal data, see the privacy policy. For company information and where to send legal notices, see the imprint. For privacy questions, contact support@seoxpert.io.
Cloud Ninja Consulting ApS · CVR 46044118 · VAT DK46044118 · Denmark.