1. What are cookies?
"Cookies" are small text files placed on your device when you visit a website. We also use similar technologies such as browser localStorage and sessionStorage; for consistency this policy refers to all of them as "cookies". Cookies let websites remember things about your visit, such as whether you are logged in, so the site can work properly and (where permitted) measure how it is used.
2. Categories we use
We organize cookies into four categories. Strictly necessary cookies are always on; the others are off by default and require your consent.
| Category | What it does | Legal basis |
|---|---|---|
| Strictly necessary | Keeps you signed in, secures requests, and makes the site work. The site cannot function without these. | Legitimate interest in operating the site (no consent required, GDPR Recital 32 / ePrivacy Article 5(3)). |
| Analytics | Helps us understand how visitors use the site so we can improve it. Aggregated, no individual identification. | Consent (GDPR Article 6(1)(a)). |
| Functional | Remembers preferences such as language, dismissed notices, or chat-widget state. | Consent (GDPR Article 6(1)(a)). |
| Marketing | Used for advertising and retargeting. Reserved for future use; we currently run no advertising pixels. | Consent (GDPR Article 6(1)(a)). |
3. What we currently set on your device
The table below lists the cookies and similar storage actually used on the site today.
3.1 Strictly necessary
| Name | Type / storage | Provider | Purpose | Duration |
|---|---|---|---|---|
sb-<project-ref>-auth-token | localStorage | Supabase (our backend, EU region) | Stores your authentication session so you stay signed in to your client dashboard between visits. | Until logout or one year |
dm-cookie-consent | localStorage | DefendMe (first-party) | Remembers your cookie preferences so we do not re-prompt you on every visit. | 12 months |
3.2 Analytics
We have Google Analytics 4 wired into the codebase but it is currently dormant: the script does not load until both (a) a tracking ID is configured and (b) you grant the Analytics category in the banner. When enabled, the cookies below will be set under defendmeworldwide.com.
| Name | Provider | Purpose | Duration |
|---|---|---|---|
_ga | Google Analytics 4 | Distinguishes unique visitors. | 2 years |
_ga_<ID> | Google Analytics 4 | Persists session state for the GA4 property. | 2 years |
3.3 Functional
We currently set no functional cookies separate from the strictly necessary set above. This category is reserved for future preferences (e.g., remembered language).
3.4 Marketing
We currently run no advertising or retargeting pixels (no Meta Pixel, no Google Ads tag, no LinkedIn Insight Tag, no TikTok Pixel, no X Pixel). If we add any in the future, this section will be updated and your consent will be requested before they load.
4. Third-party content embedded on our pages
Even when we do not set cookies ourselves, some content loaded into our pages is served by third parties. These providers may log technical information such as your IP address to deliver the content. The current list is:
| Provider | What it does | Cookies it sets on us |
|---|---|---|
Google Fonts (fonts.googleapis.com, fonts.gstatic.com) | Serves web fonts (Fraunces, Plus Jakarta Sans, JetBrains Mono, Libre Baskerville, Roboto, Playfair Display, DM Sans). | None. Google Fonts no longer sets cookies (since 2022); only your IP is processed for delivery. |
Supabase Edge Functions (our backend at *.supabase.co) | Powers the chat widget, contact forms, payments, and authentication API. | None on our domain. Auth state is kept in our own localStorage as listed above. |
Stripe Checkout (checkout.stripe.com) | Processes card payments. Loaded only when you click "Pay". We redirect to Stripe's hosted page. | Stripe sets its own cookies on the stripe.com domain, not on defendmeworldwide.com. Those cookies are governed by stripe.com/cookie-settings. |
5. Managing your preferences
When you first visit the site we show a banner with three choices: Accept all, Reject all, and Customize. You can change your decision at any time.
You can also clear all cookies and site storage from your browser settings. Most browsers let you see what is stored, delete it, and block future cookies. Note that disabling strictly necessary cookies will break login and the client dashboard.
6. Do Not Track and Global Privacy Control
The banner is the canonical way to record your preferences on our site. If your browser sends a Global Privacy Control (GPC) signal, we treat it as a request to opt out of non-essential cookies where applicable law requires us to honor such signals.
7. Changes to this policy
We will update this Cookie Policy if we change which cookies we use or add a new third-party tool. Material changes will be reflected by updating the "Effective Date" above and, where required, by re-prompting you for consent through the banner.