Legal

Cookie Policy

How DevMesh uses cookies to support website operation, measurement and marketing.

Last updated: May 23, 2026

Overview

This page summarizes how we use cookies to support website operation, measurement and marketing optimization.

Categories used

  • Necessary — Supabase session cookies (sb-access-token, sb-refresh-token) for sign-in. Strictly necessary, cannot be disabled. Duration: session to 7 days.
  • Analytics — Plausible Analytics (cookie-less, EU-hosted) and Microsoft Clarity (anonymized interaction analytics). Used to understand how the marketing site is used. Duration: Plausible none; Clarity up to 1 year.
  • Marketing — Google Tag Manager / gtag, enabled only when running paid campaigns. Used for attribution. Duration: up to 2 years.
  • Stripe — Stripe sets its own cookies on the checkout/portal pages it serves under js.stripe.com to detect fraud and run the checkout session. Governed by Stripe's privacy policy.

Legal basis

Necessary cookies are processed on the basis of legitimate interest (Art. 6(1)(f) GDPR) to operate the service the user requested. Analytics and marketing cookies are processed on the basis of consent (Art. 6(1)(a) GDPR) where consent is required by your jurisdiction. Where Do Not Track or a browser tracking-protection signal is detected, the analytics scripts are not loaded.

Change settings

You can clear DevMesh cookies any time through your browser settings, and disable third-party analytics by enabling Do Not Track or your browser's tracking-protection feature. For account-level requests, contact us at privacy@devmesh.app and we will help review your settings.

More information

For details on what personal data we process and on what legal basis, see the DevMesh Privacy Policy at /privacy.