Cookie Policy
Effective date: 26 April 2026
This Cookie Policy explains how Fincharta Limited uses cookies and similar technologies. It supplements the Privacy Policy.
What are cookies?
Cookies are small text files that websites store on your device. Some are strictly necessary (without them the site does not work). Others are optional.
How Fincharta uses cookies
We use the minimum cookies needed to operate the service. We deliberately do not use behavioural advertising cookies, cross-site tracking pixels, or marketing analytics cookies.
Strictly necessary cookies
These keep you signed in and protect against fraud. Without them the service cannot function. They do not require consent under UK PECR.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| __session | Clerk | Authentication session | Session |
| __client_uat | Clerk | Authentication state validation | 1 year |
| __cf_bm | Cloudflare (via Clerk) | Bot detection / fraud prevention | 30 minutes |
| sb-access-token | Supabase | Database session token | Session |
| sb-refresh-token | Supabase | Database session refresh | Session |
Functional cookies
Remember your preferences. Set only after you have signed in.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| fincharta-theme | Fincharta | Light/dark mode | 1 year |
| fincharta-currency | Fincharta | Display currency | 1 year |
Payment cookies
If you visit our pricing page or initiate a subscription, Stripe sets cookies for fraud detection.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| __stripe_mid | Stripe | Fraud prevention | 1 year |
| __stripe_sid | Stripe | Fraud prevention | 30 minutes |
Analytics — no cookies
We use Plausible Analytics for usage measurement. Plausible is privacy-friendly and does not set cookies. It measures visits without tracking individual users.
What we do not use
- Google Analytics, Hotjar, Mixpanel, Amplitude, Segment — none used
- Facebook Pixel, LinkedIn Insight Tag, Twitter pixel, TikTok pixel — none used
- Programmatic advertising cookies — none used
- Cross-site tracking — none used
Your choices
Because we use only strictly-necessary, functional, and payment cookies, no consent banner is required under UK PECR for the cookies themselves. The consent we ask for at signup covers our overall data processing under the Privacy Policy.
You can still:
- Block or delete cookies in your browser settings (may break authentication)
- Use private/incognito browsing
- Use browser-level tracking protection
Changes
We update this policy whenever we add or remove a cookie. The effective date at the top reflects the most recent change.