Cookie Policy
Last updated: May 2026
This Cookie Policy explains how Rxolve Ltd uses cookies and similar technologies on www.rxolve.co. We have deliberately kept our cookie footprint to an absolute minimum: we use Plausible Analytics (which sets no cookies at all) and strictly necessary authentication cookies in the product. We set no advertising, targeting, or analytics cookies, and we do not use cookie consent management platforms.
1. What cookies are
Cookies are small text files placed on your device by websites you visit. They are used for many purposes — keeping you logged in, remembering preferences, measuring usage, and targeting advertising. This policy explains exactly which of these we use and why.
2. Plausible Analytics (no cookies)
The public marketing pages of this site (/, /pricing, /about, /contact, /legal/*) use Plausible Analytics, a GDPR-compliant, privacy-first analytics tool.
Plausible sets no cookies. It does not store personal data, does not track users across sessions or websites, and does not use fingerprinting. Page view data is aggregated and anonymised. No data is shared with advertising networks. Plausible is fully compliant with GDPR, PECR, and ePrivacy requirements without requiring a cookie consent mechanism.
3. Authentication cookies
When you log in to the Rxolve product (authenticated pages at /workplan, /history, /reports, /settings), we set strictly necessary session cookies to maintain your logged-in state. These cookies are:
- sb-access-token and sb-refresh-token — set by Supabase (our authentication provider) to keep you logged in during and across sessions. These are HTTP-only, Secure, and SameSite cookies. They do not track browsing behaviour and cannot be accessed by JavaScript.
These cookies are strictly necessary for the product to function. Under PECR, strictly necessary cookies may be set without user consent. They expire when your session ends or, for the refresh token, after 7 days of inactivity.
4. Stripe (payment pages only)
When you enter payment details during signup or when managing your subscription, Stripe may set cookies required for fraud detection and PCI DSS compliance. These are strictly necessary for the secure processing of your payment and are set solely on pages where payment details are entered. Stripe is a PCI DSS Level 1 certified processor; details of their cookie practices are available in Stripe’s own privacy documentation.
5. Why no consent banner?
Under PECR (the Privacy and Electronic Communications Regulations), a cookie consent banner is required only when non-essential cookies (such as analytics, advertising, or tracking cookies) are set. Because we use:
- Plausible Analytics, which sets no cookies at all; and
- only strictly necessary authentication and payment-security cookies in the product;
we are not required to obtain consent for our cookie use, and we do not display a consent banner. This is consistent with ICO guidance on strictly necessary cookies.
6. Your controls
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies. Note that blocking strictly necessary authentication cookies will prevent you from staying logged in to the Rxolve product.
Useful guides for controlling cookies in common browsers:
7. Changes to this policy
If we change our cookie practices in a way that requires consent (for example, by adding analytics cookies in the future), we will update this policy, add a consent mechanism, and notify existing users. The “Last updated” date above reflects the most recent revision.
8. Contact
Questions about our cookie practices should be sent to privacy@rxolve.co.