Cookie Policy
Last updated May 31, 2026
This Cookie Policy explains how Spilla ("we", "us", or "our") uses cookies and similar technologies on https://spilla.app and in our mobile app (together, the "Service"). It also explains your choices.
For more detail on the data we collect overall, please read our Privacy Policy.
What are cookies?
Cookies are small files placed on your device when you visit a website. They let the website recognise you across pages and visits — for example, to keep you signed in. Web applications and mobile apps use equivalent mechanisms such as localStorage and sessionStorage for the same purpose. In this policy we use "cookies" as shorthand for both.
Why do we use cookies?
We use cookies for three purposes only:
- Strictly necessary. To keep you signed in, route you to the right page after auth, and remember your language preference. The Service does not function without these.
- Crash reporting (optional, consent-required). A small Sentry SDK collects crash stack traces and performance traces. It runs only after you accept analytics in our consent UI.
- Product analytics (optional, consent-required). Anonymous PostHog events (page views, click counts) so we can see which features are used. No phone numbers, no message content. Runs only after you accept analytics in our consent UI.
We do not set advertising or marketing cookies. We do not work with any third-party ad network or data broker.
What cookies do we set?
Strictly necessary
sb-access-token/sb-refresh-token— your Supabase auth session. Set when you sign in; removed when you sign out. First-party. Required.spilla-language(localStorage) — your preferred-languages selection so the feed loads in the right language. First-party.
Optional (consent-required)
ph_*— PostHog analytics events. First-party (we self-host or proxy via our domain). Disabled until you opt in.sentry-*— Sentry session id, used to group multiple errors from the same page load. First-party. Disabled until you opt in.
Third-party (Stripe Checkout, Premium subscribers only)
When you click Subscribe on the Premium page, Spilla redirects you to Stripe's hosted checkout at checkout.stripe.com. While you are on that page, Stripe sets its own strictly-necessary cookies on the stripe.com domain to operate the checkout, prevent fraud, and remember partially-completed payments. These cookies are set by Stripe under their domain, not by Spilla; we have no read access to them. They are governed by Stripe's Privacy Policy. You can return to Spilla without subscribing, in which case no Stripe cookie will be set because the checkout page never loads.
Stripe Checkout is only loaded when you actively choose to subscribe. The rest of Spilla contains no Stripe code and sets no Stripe cookies.
How can I control cookies?
On your first visit we show a consent banner with three choices: Accept all, Reject all, and Customise. Customise opens a preferences dialog where you can toggle analytics on or off independently. The strictly- necessary cookies cannot be disabled — without them you can't sign in.
You can change your decision at any time by clicking Cookie preferences in the footer. The dialog also has a Withdraw all consent link that wipes your stored choice; the banner reappears on the next page load so you can pick again. Your choice is stored in your browser only (localStorage) — there is no server-side record.
You can also disable cookies via:
- Blocking third-party JS via your browser or an extension like uBlock Origin.
- Visiting the privacy controls in your browser's settings and adjusting cookie permissions for
spilla.app. - Emailing privacy@spilla.app — for account-level requests or if you can't access the in-app controls.
How can I control cookies on my browser?
Cookie controls vary by browser. The instructions below link to the official help pages:
What about other tracking technologies?
We do not use tracking pixels, web beacons, or fingerprinting libraries. We do not embed any third-party scripts other than the optional Sentry and PostHog SDKs listed above.
Do you use Flash cookies or Local Shared Objects?
No. Flash was discontinued in 2020 and we have never used it.
Do you serve targeted advertising?
No. Spilla is ad-free and we have no plans to introduce third-party advertising.
How often will you update this Cookie Policy?
We update this Cookie Policy whenever we add or remove a cookie or change how an existing cookie is used. The "Last updated" date at the top of the page reflects the most recent change.
Where can I get further information?
For questions about our use of cookies, email privacy@spilla.app.