Cookie Policy

Last updated: 4 June 2026 · Effective: 4 June 2026

The short version

VSpark does not use tracking cookies. We do not run Google Analytics, advertising pixels, or any third-party tracker that follows you between sites. The browser storage we do set is strictly necessary to make the Service work, and it stays on your device.

This page explains what VSpark stores in your browser, why, and how to clear it. It supplements our Privacy Policy, which is the master document on how we handle your data.

1. What "cookies" means here

The word "cookies" is shorthand on most sites for any client-side storage: traditional HTTP cookies, localStorage, sessionStorage, and IndexedDB. We use the term in that broad sense below. Where it matters, we say which mechanism we mean.

2. Storage VSpark itself sets

All of the following are first-party (set by vspark.gg), use no tracking IDs, and never leave your device unless you sign in (in which case the auth session is sent to our server to identify you on subsequent requests).

First-party browser storage set by VSpark
Name Type Purpose Lifetime
sb-<ref>-auth-token localStorage Supabase authentication session. Keeps you signed in across page loads and tabs. Required for every authenticated page. Until you sign out. Supabase uses a sliding refresh window, so active sessions can persist for several weeks.
vsp_referral and vsp_referral_ts localStorage Holds a referral code captured from a ?ref= URL until you complete sign-up, so we can credit the friend who referred you. The _ts companion records the capture time so we can expire it after 24 hours. 24 hours, then cleared
vsp-motion localStorage Your motion preference (auto, full, or reduce). Lets us honour reduced-motion choices on top of the OS-level prefers-reduced-motion setting. Until you change it or clear your browser storage
vsp-seen-achievements:<your id> localStorage List of achievement IDs you have already been shown a toast for, so we don't re-toast the same achievement on every page load. Until you delete your account or clear your browser storage
vsp-profile-just-saved localStorage Transient flag set when you save a profile change so the next page can show a brief "Saved" confirmation. Cleared on read. A few seconds (cleared on next page load)
vsp_eg_* (session) sessionStorage Tracks pages visited and session start time during the current browser tab session, to power two hidden achievements ("the explorer" and "touch grass"). Cleared automatically when you close the tab. Current tab session only
vspark_trusted_hosts localStorage Remembers which external sites you ticked "Don't ask again" for in the chat external-link warning, so we don't pop the warning every time. Until you clear your browser storage
vspark_chat_notify_pref localStorage Your in-app preference for browser push notifications about new chat messages. Until you change it or clear your browser storage
vspark_ios_install_dismissed localStorage Records that you dismissed the iOS "Add to Home Screen" install prompt, so we don't keep showing it. Until you clear your browser storage

We do not set any traditional HTTP cookies for our own purposes. Cloudflare, our hosting provider, may set short-lived security cookies (such as __cf_bm) to differentiate humans from bots during abuse-protection challenges; these are described in section 4.

3. Analytics

VSpark uses Cloudflare Web Analytics for aggregate pageview counts. It is the cookieless successor to Google Analytics that Cloudflare built specifically for this case. It:

Because there is no tracking and no personal data, no consent banner is required under UK GDPR, EU GDPR (PECR / ePrivacy), or Australian privacy law. For the broader data-handling commitments around analytics and what we do not do with your data, see our Privacy Policy.

4. Storage set by third parties

A handful of services we depend on may set their own storage when you interact with them through VSpark. We do not control these and their behaviour is governed by their own policies.

Browser storage set by integrated third-party services
Service When it sets storage What it does
Twitch While you are signing in via Twitch OAuth on twitch.tv. Twitch's own sign-in session and abuse protection. Once you return to VSpark, you are no longer interacting with Twitch's storage. See Twitch Privacy Notice.
Google While you are signing in via Google OAuth on accounts.google.com (used for YouTube). Google's own sign-in session and account state. See Google Cookie Policy.
Cloudflare Throughout your visit, when bot-protection is engaged. Short-lived cookies such as __cf_bm (30-minute bot management cookie). Sets no advertising identifier. See Cloudflare Cookie Policy.
Klipy When a GIF embedded from static.klipy.com or media.klipy.com is loaded in a chat. Standard browser caching of the GIF file. We proxy the search API server-side so your IP is not exposed to Klipy on search; only the GIF download itself goes direct to their CDN. See Klipy Privacy Policy.
Supabase Throughout your authenticated session. The authentication token described in section 2 is issued by Supabase Auth. Supabase itself does not set browser cookies on vspark.gg. See Supabase Privacy.

5. How to clear or block VSpark storage

All of the storage above can be cleared at any time from your browser:

Signing out of VSpark also clears the Supabase auth token from localStorage. Clearing all of the storage above is harmless: you will be signed out, the iOS install prompt may reappear once, and any external link warning preferences will reset.

You can also block storage entirely via your browser's "block all cookies" or "strict tracking protection" mode. VSpark will still load, but you will not be able to sign in (no auth session can persist) and the in-chat link warning will pop on every external host every time.

6. Changes to this policy

If we add, remove, or change what we store, we will update the table in section 2 and the "Last updated" date at the top of this page. For material changes we will give notice the same way we do for the Terms of Service (see Terms §15).

7. Contact

Questions about what's in your browser: hello@vspark.gg.