Cookie Policy

1. What is a cookie

A cookie is a small piece of data your browser stores on behalf of a website. We also use functionally equivalent mechanisms (localStorage, sessionStorage). This policy describes all of them collectively as "cookies." It explains the categories of cookies Park Graph relies on, why we use each one, the third parties involved, how long they last, and how you can control them. We keep our use of cookies deliberately narrow: we set them to sign you in, keep your session secure, complete payments, and remember a few preferences — not to build advertising profiles or track you across unrelated sites.

2. Strictly necessary

These cookies are required for the Platform to work and cannot be turned off in our interface:

• sb-* — Supabase auth session.
• pg_terms_accepted — short-lived, records your acceptance of the current Terms version on signup.
• pg_referral_code — preserves a referral code if you arrived via a partner link.
• pg_visitor_id — links a pre-signup pending lot to your account when you create it.

3. Functional and preference

Functional cookies remember choices you make so the Platform behaves the way you expect across visits. They are not used to track you across other websites. Examples include remembering whether you have dismissed an onboarding walkthrough, the lot you last viewed in the operator dashboard, and lightweight interface preferences. If these are cleared, the Platform still works, but it will treat you like a first-time visitor and re-show prompts you may have already completed.

4. Analytics

Today we do not run third-party analytics or advertising cookies. We rely on aggregate, server-side signals — such as QR scan counts and session activations tied to a lot rather than to an identified individual — to understand how the product is performing and to help Owners see how their lots are used. If we introduce browser-based analytics in the future, we will list each provider here, describe its purpose, and add a consent control before any non-essential analytics cookie is set.

5. Marketing

We do not run third-party marketing or retargeting cookies, and we do not sell or share cookie data with advertising networks. Referral attribution is handled by the strictly-necessary pg_referral_code cookie described above, which only records the partner link you arrived through so the correct referrer is credited when you sign up.

6. Third parties

Some essential cookies are set by trusted providers that power core platform functions rather than by us directly. Our authentication provider (Supabase) sets the sb-* session cookies that keep you signed in, and our payment processor (Stripe) may set cookies during checkout and identity flows to detect fraud and complete payments securely. These providers process this data under their own privacy and security commitments, and we use them only to deliver the service you have requested.

7. Retention

Cookies persist for different lengths of time depending on their purpose. Session cookies are removed when you close your browser, while persistent cookies remain until they expire or you clear them. Authentication sessions are refreshed and expire according to our security settings, short-lived records like pg_terms_accepted are kept only as long as needed to capture your acceptance, and attribution cookies such as pg_referral_code and pg_visitor_id expire after a limited window so pre-signup activity can be linked to the right account.

8. Managing cookies

You can view, block, or clear cookies at any time through your browser settings, and most browsers let you refuse cookies entirely or be prompted before one is set. Because the cookies we use are strictly necessary or functional, blocking them affects how the Platform works: clearing the strictly-necessary cookies above will sign you out, may cause referral attribution to be lost, and can require you to re-complete steps that rely on stored preferences. If we add any non-essential cookies in the future, you will be able to manage them through a dedicated consent control.

6. Contact

Privacy questions: privacy@parkgraph.com. See also our Privacy Policy.