Cookie Notice (EU/EEA)

1. Why this document exists

We use digital storage in the browser to keep the service functional and secure. This notice explains what is stored, where relevant consent is required under EU ePrivacy rules, and what is intentionally not used.

2. Cookies and equivalent storage currently used

As of this release, CLM Forge only uses strictly necessary technical cookies for core authentication and request integrity. No marketing, profiling, or behavioral analytics cookies are enabled by default.

• Authentication cookies (Supabase session cookies, e.g. sb-*-auth-token) set after successful login to keep your session state.
• Request/session integrity cookies issued as part of the Supabase auth flow, where technically necessary.

3. Browser local storage

We also use browser local storage for product UX state, for example:

• Story mode state and navigation preferences.
• Last visited story bookmarks and lightweight interface settings.

This storage is separate from authentication and is used only to improve local application behavior. It is not used for ads, tracking, or profiling.

4. Consent position

• No pre-consent banner is required for strictly necessary session cookies used for authentication, login continuity, and security.
• If CLM Forge is configured in the future to use analytics/tracking cookies, we will add a separate opt-in mechanism before those cookies are set.

5. Related documents

For broader data and legal handling, please also review the Privacy Notice, Terms of Use, and Data Processing Agreement (DPA).

6. Contact

Legal/Privacy contact: info@janedoe.se