Cookie Policy
Norly uses two kinds of cookies: strictly necessary (login and payments) and analytics (Google Analytics) — the latter only if you consent via our cookie banner. You can change your decision at any time from the bottom of any page.
Last updated: 1 May 2026
1. What is a cookie?
A cookie is a small text file that a website can ask your browser to store. It can then send it back on the next visit, so the site "remembers" you — for example, that you're logged in. Cookies can also be used to track your behaviour across websites.
2. Strictly necessary cookies (no consent required)
These cookies are required for the platform to function. Under the ePrivacy Directive (and its national implementations) they require no prior consent.
sb-access-token / sb-refresh-token
Set by Supabase Auth when you log in. Keeps you logged in across pages and sessions. HttpOnly + Secure + SameSite=Lax.
Lifetime: until logout (or automatic expiry after inactivity)
Category: strictly necessary
norly_consent
Remembers your choice from the cookie banner ("Accept all" or "Essential only") so you don't have to decide again on each visit.
Lifetime: 12 months
Category: strictly necessary
3. Analytics cookies (require your consent)
If you click "Accept all" in the cookie banner, we load Google Analytics 4 (GA4) to understand how the platform is used at an aggregate level. This helps us figure out which parts of Norly are confusing or broken.
_ga, _ga_*
Set by Google Analytics. Generates a pseudonymous visitor ID used to distinguish unique browsers, so GA can compute metrics like unique visitors and session length. We've enabled IP anonymisation, so Google does not receive your full IP address.
Lifetime: up to 24 months
Category: analytics — only with your consent
If you click "Essential only", Google Analytics does not load at all and no GA cookies are set. We still count anonymous page views on public creator profiles via a server-side counter (no cookie, no identification), but only to give the creator aggregate numbers in their dashboard.
You can withdraw your consent at any time by clicking Cookie settings at the bottom of any page. That clears the banner decision; on the next page load you'll see the banner again — choose "Essential only" and GA tracking stops immediately, and the GA cookies eventually expire. If you want to remove them right away, delete them from your browser's developer tools (Application → Cookies).
4. What we DON'T use
- No Facebook Pixel, Google Ads, LinkedIn Insight, or other marketing trackers
- No third-party advertising cookies
- No cross-site tracking or identification across devices
- No data sold or rented to third parties
5. Stripe and payments
When you check out via Stripe Payment Element, Stripe may set its own cookies to prevent fraud and maintain payment security. These cookies are Stripe's responsibility and their policy can be read at stripe.com/cookies-policy/legal. We have no access to the data these cookies contain.
6. How to control cookies
You have three ways to manage your cookies:
- Cookie banner on first visit: click "Accept all" to allow analytics, or "Essential only" to accept only the strictly necessary cookies.
- Change your decision at any time: click "Cookie settings" at the bottom of any page. That resets your choice so the banner appears again.
- Your browser's own tools: all browsers let you delete existing cookies or block new ones. If you delete Norly's session cookies you will be logged out — everything else works as normal.
7. Changes
If we change which cookies we set, we update this page first and — if the change affects your existing consent — ask you to decide again via the banner. The most recent update date is at the top.
8. Questions
Write to hey@norly.io or read our privacy policy for the full picture of how we process data.