MagpireSign in

Cookies

Last updated: 18 April 2026

Magpire only sets cookies that are strictly necessary to operate the service. We don’t use advertising or tracking cookies, so we don’t need consent under UK PECR for the cookies listed below — but we still ask you to acknowledge them so the relationship is clear.

Strictly necessary cookies

  • sb-access-token / sb-refresh-token — Supabase Auth session. Required to keep you signed in. HttpOnly, secure, expires when you sign out.
  • magpire_audit_used— set after a free audit submission so the status page knows which browser owns which Audit (and to enforce the “one free audit per browser” rule). HttpOnly, 1 year.
  • magpire_gsc_oauth_state — short-lived (10 minute) Google OAuth state token used to verify the GSC connection callback. HttpOnly.
  • checkout_bypass— 10-minute grace cookie set after Stripe checkout so you don’t see a brief locked dashboard while the webhook finishes activating your subscription. HttpOnly.
  • magpire_cookie_ack— records that you’ve dismissed the cookie notice. 1 year.

Third-party cookies and embedded services

We don’t embed advertising or analytics trackers on the dashboard. The third-party services we do embed are listed below — they each set their own cookies under their own policies, not ours.

  • Stripe— Stripe Checkout and the Stripe Billing Portal are hosted on Stripe’s domain and set their own cookies for fraud detection and session management. Governed by Stripe’s cookie policy.
  • TidyCal— the “Book a strategy call” buttons open a TidyCal booking page in a new tab. TidyCal may set its own cookies for booking session continuity once you land on the page; we don’t embed any TidyCal scripts on Magpire itself. See TidyCal’s privacy policy.
  • Sentry— when an unhandled error occurs, the page sends a short error report to Sentry so we can fix the bug. Sentry does not set cookies on your browser, but it does receive your IP address and the URL where the error occurred. We’ve configured Sentry to omit personally identifying fields (sendDefaultPii: false). See Sentry’s privacy policy.
  • Vercel Analytics — first-party page-view counter; cookieless, no cross-site tracking. See Vercel’s privacy policy.

Disabling cookies

Blocking the strictly-necessary cookies will sign you out and prevent you from signing back in. You can clear them at any time from your browser settings.