Cookies Policy
Last updated: 24 March 2026
Why there is no cookie banner
Some users expect a cookie-consent banner on every site. We deliberately don't show one because CraftCert uses only essential first-party cookies (authentication, billing) plus a cookieless analytics tool (GoatCounter). Under UK PECR + UK GDPR this combination does not require a banner — consent is required for non-essential cookies, and we don't set any. If you want to disable the essential cookies (for example, the Supabase auth cookie), you can do so in your browser settings; the site won't be usable once they're blocked, which is the only reason they're classed as essential.
What cookies we use
CraftCert uses essential cookies only — no advertising, no tracking, and no third-party marketing cookies.
Authentication cookies (Supabase)
When you sign in, Supabase sets session cookies to keep you authenticated. These cookies are prefixed with sb- and are strictly necessary for the service to function. They include:
sb-*-auth-token— stores your encrypted session token. Without this cookie, you cannot remain signed in.
These cookies are first-party, secure, and httpOnly. They are not used for tracking or analytics. They expire when your session ends or after the configured session lifetime.
Payment cookies (Stripe)
When you interact with payment forms, Stripe may set cookies required for fraud prevention and payment processing. These are set by Stripe directly and are governed by Stripe's cookie policy.
Analytics — no cookies
We use GoatCounter for website analytics. GoatCounter is completely cookie-free and does not collect personal data. It provides simple, aggregate page view counts without tracking individual visitors.
Managing cookies
You can clear or block cookies through your browser settings. Note that blocking the Supabase authentication cookies will prevent you from signing in to CraftCert.
Contact
If you have any questions, please contact us at support@craftcert.co.uk.