Legal
Cookie policy
Last updated: 21 May 2026
This policy explains how FreediveTraining uses cookies and similar technologies when you use our website and training app. It describes what we actually store in your browser today — not generic marketing trackers we do not run.
1. Who this policy applies to
This policy applies to visitors and registered users of the FreediveTraining website (breath-hold tables, training plans, library, dashboard, leaderboard, public profiles, and related pages).
If you have questions, use our contact form.
2. What are cookies?
Cookies are small text files stored on your device when you visit a website. They help the site remember your sign-in state, keep sessions secure, and support core functionality.
We also use local storage and session storage in your browser. These are not cookies, but they store data locally for similar purposes (for example UI preferences). We describe them below for transparency.
3. Cookies we use
FreediveTraining uses a small set of essential cookies delivered by our authentication provider, Supabase, when you sign in or stay signed in. We do not use advertising cookies, social media tracking pixels, or third-party analytics cookies (such as Google Analytics) on this app.
| Name / type | Purpose | Duration |
|---|---|---|
| Supabase authentication cookies (names typically start with sb- and relate to your project) | Keep you signed in securely, refresh your session, and protect account routes. Required for login, sign-up, password reset, and any page that loads your profile or training data. | Session-based and short-lived refresh tokens; max duration is controlled by Supabase auth settings (often up to several weeks while “remember me” behaviour applies, or until you sign out). |
Exact cookie names depend on your Supabase project reference and may appear as several chunked cookies (for example sb-<project-ref>-auth-token). They are set on our site’s domain when you use authenticated features.
4. Browser storage we use (not cookies)
The following items are stored in your browser using local or session storage. They stay on your device and are not sent to advertising networks.
| Storage key | Purpose | Duration |
|---|---|---|
| freedive-training-sound-muted | Remembers whether you muted timer sounds during breath-hold table training. | Until you clear site data or change the setting in the timer. |
| freedive-library-show-premade-tables | Remembers if you chose to show or hide premade breath-hold tables in your library view. | Until you clear site data or change the setting. |
| freedive-library-show-premade-workouts | Remembers if you chose to show or hide premade workouts in your library view. | Until you clear site data or change the setting. |
| fta_welcome_[user id] (session storage) | Avoids repeating the one-time welcome message on the dashboard in the same browser tab session. | Until the browser tab/session ends. |
5. Third-party services
Some features rely on services that may set or process data when you use the app:
- Supabase — hosts authentication, the database (profiles, training sessions, plans), and file storage (for example avatars). Authentication cookies are set as described above. Privacy and security practices are governed by Supabase’s privacy policy.
- Resend — sends contact form messages to us when you submit the contact page. This runs on our server when you send the form; Resend does not place marketing cookies in your browser for that flow.
Fonts used on the site are loaded via Next.js font optimisation (self-hosted delivery). We do not load third-party font scripts that track visitors for advertising.
6. What we do not use
- Advertising or retargeting cookies
- Social media embed trackers
- Third-party web analytics cookies (e.g. Google Analytics)
- Cross-site profiling for marketing
If we introduce optional analytics or marketing cookies in the future, we will update this policy and, where required by law, ask for your consent before using them.
7. Legal basis (EEA / UK visitors)
Where European data protection law applies, we rely on:
- Strictly necessary / legitimate interests — for authentication cookies and storage needed to provide the service you request (sign-in, saving training data, core UI preferences).
- Consent — only where we explicitly ask for it (for example if we add non-essential cookies later). Today’s essential cookies do not require a separate consent banner for basic sign-in functionality.
8. How to control or delete cookies
You can:
- Sign out — clears your authenticated session for this site (Supabase auth cookies will stop being used for new requests).
- Change browser settings — block or delete cookies and site data. Blocking essential cookies will prevent sign-in and account features from working.
- Clear site data — removes local storage preferences (timer mute, library visibility, welcome message flags).
9. Changes to this policy
We may update this cookie policy when our app or legal requirements change. The “Last updated” date at the top will change when we do. Continued use of the site after updates means you accept the revised policy, unless otherwise required by law.