PSTUDY uses only essential first-party cookies that are strictly necessary for the service to work: signing you in, keeping your session in sync between your browser and our servers, and completing secure authentication flows. We do not use analytics cookies, advertising cookies, or third-party marketing trackers.
Because every cookie we set falls into the “strictly necessary” category for an online service with accounts, we do not show a consent banner with accept or reject toggles for cookies under the ePrivacy rules as implemented for essential services. You can still control or delete cookies through your browser settings; if you block essential cookies, parts of PSTUDY (including sign-in) may not function.
Cookies set by PSTUDY
PSTUDY relies on the official Supabase client libraries for Next.js. Those libraries store your authenticated session in first-party HTTP cookies on our domain. The exact cookie names include a reference to your Supabase project (for example, names beginning with sb- followed by your project identifier and -auth-token). When the session payload is large, Supabase may split it into numbered fragments such as .0, .1, and so on. All of these are still first-party cookies set by PSTUDY’s application code through Supabase.
Purpose. These cookies let you stay logged in, refresh your session securely, and call authenticated APIs from the browser and from server components.
Duration. They are persistent cookies with an expiry chosen by Supabase (typically on the order of months for the refresh component), and they are refreshed while you use the product or until you sign out. When you sign out, Supabase clears or invalidates the session cookies.
Short-lived cookies during sign-in. When you use email links, invitations, or certain OAuth-style flows, Supabase may briefly set additional first-party cookies (for example to complete PKCE or code exchange). They exist only for the authentication step and are cleared once your session is established.
Next.js session cookie. The PSTUDY codebase does not set a separate, general-purpose “Next.js session” cookie beyond what Supabase uses for authentication. Server-side rendering reads the same Supabase session cookies through Next.js APIs.
Other storage
PSTUDY also stores some non-essential UI preferences in your browser’s local storage (for example the interface language key pstudy-locale, practice display options, or deck editor column visibility). Local storage is not the same as a cookie: it is not sent automatically with every HTTP request and is not used for advertising.
More detail
For how personal data is processed, including processors and your GDPR rights, see the Privacy Policy.
Our hosting provider Vercel may set technical cookies for security and infrastructure purposes (such as DDoS protection and edge routing). These are managed by Vercel and described in their cookie policy.