Legal

Cookie Policy

Last updated: 1 June 2026

This policy explains what cookies are, which ones HyPair uses, and what your options are. Short version: we use very few cookies, none of them are for advertising, and most are strictly necessary for the site and app to work.

1. What are cookies

Cookies are small text files stored on your device when you visit a website or use an app. They help the site remember things like whether you're logged in, your preferences, and how you interact with pages.

Similar technologies — like local storage and session tokens — work in a similar way and are covered by this policy.

2. What we use

HyPair uses only strictly necessary and functional cookies. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

Cookie / token	Type	Purpose	Set by	Expires
__cf_bm	Strictly necessary	Cloudflare bot protection — distinguishes humans from automated traffic. Required for the site to function securely.	Cloudflare	30 minutes
cf_clearance	Strictly necessary	Cloudflare security challenge — records that a visitor passed a security check.	Cloudflare	30 minutes – 24 hours
sb-access-token	Functional	Supabase authentication session token — keeps you logged in to the HyPair app. Stored in secure device storage, not a browser cookie.	HyPair / Supabase	1 hour (refreshed automatically)
sb-refresh-token	Functional	Supabase session refresh — allows your login session to renew without re-entering your password.	HyPair / Supabase	60 days

No advertising or analytics cookies. HyPair does not use Google Analytics, Facebook Pixel, or any other third-party tracking or advertising technology. We do not track you across other websites.

3. Strictly necessary cookies

The Cloudflare cookies are strictly necessary — they protect the site from malicious traffic and cannot be disabled without breaking core site functionality. Under GDPR and the ePrivacy Directive, strictly necessary cookies do not require your consent.

4. Functional cookies

The Supabase session tokens are functional — they are essential for keeping you logged in to your HyPair account. Without them, you would need to log in every time you open the app. These are stored in your device's secure storage (not accessible to other apps or websites) rather than as browser cookies.

5. What we don't use

Google Analytics or any other web analytics platform
Facebook Pixel or any social media tracking
Advertising or retargeting cookies
Third-party cookies from ad networks
A/B testing or heatmap tools

6. Managing cookies

You can control cookies through your browser settings. Most browsers allow you to block, delete, or get notified about cookies. However, blocking strictly necessary cookies (Cloudflare) may prevent the HyPair website from loading correctly.

For the HyPair mobile app, session tokens are managed through your device's secure storage. You can clear them by signing out of your account in Settings.

7. Changes to this policy

If we introduce new cookies or technologies — for example if we add analytics in the future — we will update this policy and notify users via the app or email before making any changes. We will never introduce advertising or tracking cookies without clearly informing you first.

8. Contact

Questions about cookies or this policy: hello@hypair.app
HyPair Ltd · Ireland