Magpire
Free Audit

Cookies

Last updated: 11 May 2026

Magpire sets two kinds of cookies: strictly-necessary cookies that we need to operate the service, and optional analytics cookies set by Google Analytics and Microsoft Clarity. Analytics cookies are only loaded after you click Accept analytics on the cookie banner — under UK PECR they need explicit opt-in. You can withdraw consent at any time by clearing your browser storage for this site, which re-prompts the banner on your next visit.

Strictly necessary cookies

  • sb-access-token / sb-refresh-token — Supabase Auth session. Required to keep you signed in. HttpOnly, secure, expires when you sign out.
  • magpire_audit_used— set after a free audit submission so the status page knows which browser owns which Audit (and to enforce the “one free audit per browser” rule). HttpOnly, 1 year.
  • magpire_gsc_oauth_state — short-lived (10 minute) Google OAuth state token used to verify the GSC connection callback. HttpOnly.
  • checkout_bypass— 10-minute grace cookie set after Stripe checkout so you don’t see a brief locked dashboard while the webhook finishes activating your subscription. HttpOnly.
  • magpire_analytics_consent — records your choice on the cookie banner (granted or denied). Stored in localStorage. Without it the banner would re-appear on every visit.

Optional analytics cookies (opt-in)

These are only set if you click Accept analytics on the cookie banner. They help us understand which features are used and where the product is confusing.

  • Google Analytics 4 — sets _ga and _ga_<container-id>first-party cookies (2 years) to distinguish unique visitors and sessions. We’ve enabled IP anonymisation. Governed by Google’s privacy policy.
  • Microsoft Clarity — sets _clck, _clsk, CLID, ANONCHK, MR, MUID, SM cookies and records anonymised session replays + heatmaps so we can see where the UI is unclear. Sensitive form inputs are masked by default. Governed by Microsoft’s privacy statement.

Third-party cookies and embedded services

Aside from the analytics tools listed above (which only load after consent), the third-party services we embed are listed below — they each set their own cookies under their own policies, not ours.

  • Stripe— Stripe Checkout and the Stripe Billing Portal are hosted on Stripe’s domain and set their own cookies for fraud detection and session management. Governed by Stripe’s cookie policy.
  • TidyCal— the “Book a strategy call” buttons open a TidyCal booking page in a new tab. TidyCal may set its own cookies for booking session continuity once you land on the page; we don’t embed any TidyCal scripts on Magpire itself. See TidyCal’s privacy policy.
  • Sentry— when an unhandled error occurs, the page sends a short error report to Sentry so we can fix the bug. Sentry does not set cookies on your browser, but it does receive your IP address and the URL where the error occurred. We’ve configured Sentry to omit personally identifying fields (sendDefaultPii: false). See Sentry’s privacy policy.
  • Vercel Analytics — first-party page-view counter; cookieless, no cross-site tracking. See Vercel’s privacy policy.

Withdrawing consent or disabling cookies

To withdraw analytics consent: clear site data for magpire.com in your browser settings — the cookie banner will reappear on your next visit and you can choose Reject. Blocking the strictly-necessary cookies will sign you out and prevent you from signing back in.