Cookie & Storage Notice — Clearune

  • Effective: 15 July 2026
  • Last updated: 16 July 2026
  • Provider: Joanna Szamota Blackgrain Workshop
  • Tax ID (NIP): 5291840195
  • REGON: 521704456

1. What this notice covers

This notice explains cookies, local storage, and session storage used by Clearune. Cookies are small values a site sends to a browser. Local and session storage are browser features that keep settings or session data on your device. Polish electronic-communications law applies to both storing information and reading information already stored on a device.

We do not use advertising cookies, social-media pixels, cross-site tracking, or third-party analytics SDKs.

2. Your choice

Essential storage is used without consent only where necessary to provide a feature you request, secure the Service, keep you signed in, or remember a privacy choice. Optional product analytics is off by default.

The first-layer banner offers equally available choices: Use essential only and Allow product analytics. Closing the banner before making a choice selects essential only. You can reopen the controls at any time with Cookie preferences in the footer. Refusing analytics does not reduce journal features.

We remember the decision for up to six months, then ask again. We also ask again if the analytics purpose changes materially.

3. Essential browser storage

Name or categoryTechnologyPurposeTypical duration
sb-…-auth-token and related Supabase valuesFirst-party cookieAuthenticate the account, refresh the session, and protect signed-in routesSession duration and refresh-token lifetime; removed or invalidated at sign-out or expiry
ljk_mkSession storageHold the unlocked journal key for the current browser session so pages can decrypt your journalCurrent browser tab/session; cleared at sign-out or session end
lj_consentLocal storageRecord analytics allowed/essential only, notice version, and decision timeUp to 6 months
lj_langLocal storageRemember English or PolishUntil changed or browser storage is cleared
Journal interface preferencesLocal storageRemember sound, dream mode, journal voice, prompt visibility, weather on/off, onboarding and voice noticesUntil changed, no longer needed, or browser storage is cleared
lj_openedSession storageAvoid replaying an opening effect repeatedly in one sessionCurrent browser tab/session
lj_refLocal storageAttribute an invite link followed by the visitor so a referral can be honoured at signupUntil signup/attribution, removal, or browser storage clearing

The exact Supabase cookie suffix is specific to our Supabase project and may be split into chunks by the authentication library. Preference names may change when a feature changes, but they are not used to follow you across websites.

4. Optional Google and Apple sign-in

The Google Identity Services or Sign in with Apple script loads on the login page only when the corresponding sign-in option is configured. If you choose one of these options, the provider may use its own cookies or browser information to display an account chooser, prevent fraud, complete authentication, and respect the provider account's existing session. Clearune receives the signed identity result and exchanges it for a Supabase session. These provider technologies are not used by us for advertising or product analytics.

You can avoid these provider technologies by using email and password instead.

5. Optional first-party product analytics

If you choose Allow product analytics, the app may send these permitted events to our own API: signup, first journal entry, paywall display, upgrade click, personality change, and referral-link copy. Each event may contain a timestamp, event name, small allowed property such as plan tier, and your account ID when signed in.

Analytics never contains journal text, prompts, AI replies, attachment contents, email, name, or an advertising identifier. We store events in our Supabase database for up to 13 months and do not send them to a third-party analytics company.

The analytics request does not need a separate tracking cookie. The lj_consent choice in local storage is checked before any optional event is sent.

6. Cloudflare Turnstile contact protection

The public contact email is protected from harvesting bots. Cloudflare Turnstile loads only after you ask to reveal that address. Cloudflare then processes technical browser, device, network, and challenge information needed to distinguish a person from automated abuse and may use short-lived cookies or browser storage for that security purpose. The token is verified on our server and is single-use.

Turnstile is not used for advertising or product analytics. If it cannot run because of accessibility, browser, or network restrictions, you can contact us by post at the address below.

7. Browser and device controls

You can delete or block cookies and site storage in browser settings. Doing so may sign you out, lock the current journal session, reset preferences, or make requested features unavailable. Clearing lj_consent causes the banner to return; until you choose again, optional analytics stays off.

Location, microphone, and notification permissions are controlled separately in your browser or operating system and can be withdrawn there.

8. Changes and contact

We will update this notice if the storage technologies or purposes change. A new optional purpose will not be enabled without the consent required by law.

Questions or accessibility requests:

Joanna Szamota Blackgrain Workshop · NIP 5291840195 · REGON 521704456

Zachodnia 24, 05-822 Milanówek, Mazowieckie, Poland