Cookie Policy

SocketBase uses cookies and similar technologies to keep the service secure, remember your cookie choices, support passwordless sign-in, and measure product usage when analytics consent is granted.

Necessary cookies are always active because the service cannot provide secure sign-in, OAuth protection, or consent storage without them. Optional analytics storage is off unless you choose to allow it.

socketbase_session: HTTP-only session cookie used to keep signed-in users authenticated. It expires with the session expiry configured by SocketBase.

socketbase_oauth_state: short-lived HTTP-only cookie used to protect Google and GitHub sign-in flows. It expires after the OAuth flow window.

socketbase_cookie_consent: first-party cookie used to remember your cookie choices. It expires after approximately six months unless you update it sooner.

When analytics is accepted, SocketBase may use first-party analytics storage to understand product usage and page performance. This helps us improve the service and identify reliability issues.

The customer-installable SocketBase tracking script uses a local storage identifier named socketbase:anonymous_id and sends product events only when analytics consent is present for that site visitor. If consent is missing or rejected, automatic pageview and event sending are blocked.

SocketBase does not currently use marketing cookies on the public website.

If we introduce advertising, retargeting, or campaign measurement cookies later, we will update this policy and request a fresh choice before using that storage.

You can allow analytics, reject non-essential storage, or save a custom preference. Rejecting non-essential storage does not block account sign-in, checkout, reports, or support for necessary security features.

You can reopen the preferences panel from this page at any time. Updating preferences overwrites the previous consent cookie and notifies any consent-aware SocketBase tracking code running on the page.

Stripe, Resend, Google, GitHub, Vercel, Supabase, and Plausible may process data as service providers when their features are used. Some provider-hosted pages or OAuth flows may use their own cookies under their own policies.

If a SocketBase customer installs the tracking script on their own website, that customer is responsible for telling their site visitors about the script and obtaining any required consent.