Cookie Policy

Last updated: May 12, 2026

1. What Are Cookies

Cookies are small text files that are stored on your device (computer, tablet, or mobile) when you visit a website. They are widely used to make websites work efficiently and provide information to the site owners. Similar technologies include web beacons, pixel tags, and local storage.

2. How We Use Cookies

WhatsInSkincare uses cookies and similar technologies for the following purposes:

Essential / Strictly Necessary: Required for the website to function properly. These enable authentication, session management, and security features. Without these cookies, certain services cannot be provided.
Analytics / Performance: Help us understand how visitors interact with our website by collecting anonymised information about pages visited, time spent, and error messages. We use Cloudflare Web Analytics and Google Analytics for this purpose.
Functional: Remember your preferences (e.g., saved products, skin profile data stored locally).
Advertising / Marketing: We use Google AdSense to display advertisements. These cookies track your browsing habits to provide relevant ads and measure ad performance. Currently pending activation.

3. List of Cookies We Use

Essential Cookies

__Host-session โ€” Authentication session cookie. Persists for the duration of your session or until you log out. HttpOnly, Secure, SameSite=Lax. Required for account features.
__Host-csrf-token โ€” CSRF protection token. Persists for 24 hours. HttpOnly, Secure, SameSite=Lax. Required for form submissions.
sb-*-auth-token โ€” Supabase authentication token. Persists for the duration of your session. Used for Google OAuth and email/password authentication.

Analytics Cookies

_ga, _ga_* โ€” Google Analytics. Tracks page views, sessions, and user interactions. Expires after 2 years. Anonymises IP addresses before storage.
_gid โ€” Google Analytics. Tracks user behaviour within a session. Expires after 24 hours.
_gat โ€” Google Analytics. Rate-limits request volume. Expires after 1 minute.
__cf_bm โ€” Cloudflare. Manages incoming traffic and identifies malicious visitors. Expires after 30 minutes.

Local Storage (Not Cookies, but Similar)

We use browser local storage to persist your skin profile data, saved products, scan history, and routine preferences. This data stays on your device and is not automatically sent to our servers unless you are logged in (in which case it is synced to your account for cross-device access).

4. Third-Party Cookies

Some cookies are placed by third-party services that appear on our pages:

Google Analytics โ€” Google's Privacy Policy
Cloudflare โ€” Cloudflare's Privacy Policy
Google AdSense โ€” Google's Privacy Policy (when activated)

We do not have control over the placement of cookies by third parties. We recommend reviewing their respective privacy and cookie policies.

5. Your Cookie Choices

You have the right to choose whether to accept or reject cookies:

Browser Controls: Most web browsers allow you to control cookies through their settings. You can typically delete existing cookies, block all cookies, or receive a warning before a cookie is stored. Instructions can be found in your browser's help section.

Opt-Out Tools:

โ€” Google Analytics Opt-Out Browser Add-on
โ€” Your Online Choices (EU)
โ€” Digital Advertising Alliance (US)

Essential Cookies: Essential cookies cannot be disabled as they are necessary for the website to function. However, you can still block them via browser settings, which may affect website functionality.

6. Google Analytics

We use Google Analytics to collect information about how visitors use our site. Google Analytics uses cookies to track user interactions. The information generated by the cookie about your use of the website (including your IP address, which is anonymised) is transmitted to and stored by Google on servers in the United States. Google uses this data to evaluate website usage, compile reports, and provide other analytics services. Google may transfer this data to third parties where required by law or where third parties process data on Google's behalf.

7. Cloudflare Web Analytics

We use Cloudflare Web Analytics, a privacy-first analytics service that does not use client-side cookies or collect personal data. It measures page views using the browser's built-in Beacon API. Data collected is anonymised and aggregated. No IP addresses are stored, and no individual user tracking occurs.

8. Consent Management

On your first visit to our site, a cookie consent banner is displayed. By clicking "Accept" or continuing to browse, you consent to the use of analytics and functional cookies as described in this policy. You can change your preferences at any time by clearing your cookies. Non-essential cookies will not be placed until you accept or interact with the consent banner.

9. Updates to This Policy

We may update this Cookie Policy from time to time to reflect changes in the cookies we use or for legal, operational, or regulatory reasons. Please revisit this page regularly to stay informed about our use of cookies.

10. Contact

For questions about our use of cookies:

Email: info@whatsinskincare.com
GitHub: Open an issue