VesselTwin Cookie Notice
Last updated 2026-05-19
1. Summary
VesselTwin uses only the cookies and similar browser-storage mechanisms that are strictly necessary to deliver the service you asked for — keeping you signed in, keeping your session secure, and making the app work. We do not use analytics, advertising, or cross-site tracking cookies. We do not embed third-party social or marketing pixels.
Under EU/UK ePrivacy rules, strictly-necessary cookies do not require prior consent, but we still tell you about them here in the spirit of transparency.
2. What we set today
| Cookie / storage | Purpose | Category | Lifetime | Set by |
|---|---|---|---|---|
Clerk authentication cookies — observed names include __session, __client_uat, __clerk_db_jwt, clerk_active_context, and per-instance suffixed variants. Exact set may change with provider updates. | Sign-in session, session JWT, active-organization context, CSRF / clickjacking protection. | Strictly necessary | Session / up to 30 days | Clerk (auth provider) |
localStorage key __clerk_environment | Caches Clerk environment config (sign-in methods, social providers) to speed up auth UI load. | Strictly necessary | Until you clear browser storage | Clerk (auth provider) |
localStorage key cookie-disclosure.acknowledged.v1 | Remembers that you dismissed our first-visit cookie notice. | Strictly necessary | Until you clear browser storage | VesselTwin |
localStorage keys under recipient-terms.accepted.* | Remembers your acceptance of recipient terms on a vendor or document share link. | Strictly necessary (record of legal acceptance) | Until you clear browser storage | VesselTwin |
| Next.js framework cookies (e.g. locale, build id where applicable) | Application routing and asset versioning. | Strictly necessary | Session | Next.js (framework) |
3. What we do not set
- No Google Analytics, Hotjar, Mixpanel, Segment, Amplitude, PostHog, Plausible, or other product-analytics cookies.
- No Google Ads, Facebook/Meta Pixel, LinkedIn Insight, TikTok Pixel, or other advertising / retargeting cookies.
- No third-party social embeds that drop cookies (e.g. embedded YouTube, Twitter, Facebook widgets).
- No cross-site tracking or device-fingerprinting.
4. Mobile apps
The VesselTwin native iOS app and the Android Capacitor wrapper authenticate using bearer tokens stored in the operating system's secure storage (Keychain on iOS, Capacitor Preferences on Android). They do not use HTTP cookies. The first-visit cookie banner therefore only appears in the web browser.
5. How to control cookies
Because we use only strictly-necessary cookies, there is nothing optional for you to turn off in our product. You can always clear cookies and site data in your browser settings — note that doing so will sign you out and reset the first-visit notice.
6. Future changes
If we add non-essential cookies (for example, product analytics), we will update this notice, change the first-visit banner into a true consent prompt with Accept / Reject controls, and ensure no non-essential cookie fires before you make a choice. Material changes will be reflected on this page; the "Last updated" date at the top will move.
7. Contact
Questions about cookies or privacy? privacy@vesseltwin.io.