Legal
Cookie policy
Last updated: 17 June 2026
This policy explains how FreediveTraining uses cookies and similar technologies when you use our website and training app. It describes what we store in your browser and which services help us measure traffic — not advertising trackers.
1. Who this policy applies to
This policy applies to visitors and registered users of the FreediveTraining website (breath-hold tables, training plans, library, dashboard, leaderboard, public profiles, and related pages).
If you have questions, use our contact form.
2. What are cookies?
Cookies are small text files stored on your device when you visit a website. They help the site remember your sign-in state, keep sessions secure, and support core functionality.
We also use local storage and session storage in your browser. These are not cookies, but they store data locally for similar purposes (for example UI preferences). We describe them below for transparency.
3. Cookies we use
FreediveTraining uses essential cookies delivered by our authentication provider, Supabase, when you sign in or stay signed in. We also use a first-party visitor cookie for aggregate traffic statistics and, when the site is hosted on Vercel, Vercel Web Analytics for privacy-oriented page-view measurement. We do not use advertising cookies, social media tracking pixels, or marketing analytics (such as Google Analytics for ads).
| Name / type | Purpose | Duration |
|---|---|---|
| Supabase authentication cookies (names typically start with sb- and relate to your project) | Keep you signed in securely, refresh your session, and protect account routes. Required for login, sign-up, password reset, and any page that loads your profile or training data. | Session-based and short-lived refresh tokens; max duration is controlled by Supabase auth settings (often up to several weeks while “remember me” behaviour applies, or until you sign out). |
| ft_vid (first-party, httpOnly) | Assigns an anonymous visitor id so we can count unique visits and page views for internal traffic statistics (admin dashboard). Not used for advertising. | Until you clear site cookies or we rotate it; typically persists across visits on the same browser. |
Exact cookie names depend on your Supabase project reference and may appear as several chunked cookies (for example sb-<project-ref>-auth-token). They are set on our site’s domain when you use authenticated features.
4. Browser storage we use (not cookies)
The following items are stored in your browser using local or session storage. They stay on your device and are not sent to advertising networks.
| Storage key | Purpose | Duration |
|---|---|---|
| freedive-training-sound-muted | Remembers whether you muted timer sounds during breath-hold table training. | Until you clear site data or change the setting in the timer. |
| freedive-training-halfway-cue | Local cache of whether the spoken “half way there” cue is enabled. When signed in, the choice is stored on your account. | Until you clear site data or change the setting in profile → Training. |
| freedive-training-audio-mode | Local cache of your timer cue preference (beeps or speech). When signed in, the choice is stored on your account; this key keeps the current device in sync. | Until you clear site data or change the setting in profile → Training. |
| freedive-library-show-premade-tables | Remembers if you chose to show or hide premade breath-hold tables in your library view. | Until you clear site data or change the setting. |
| freedive-library-show-premade-workouts | Remembers if you chose to show or hide premade workouts in your library view. | Until you clear site data or change the setting. |
| fta_welcome_[user id] (session storage) | Avoids repeating the one-time welcome message on the dashboard in the same browser tab session. | Until the browser tab/session ends. |
5. Third-party services
Some features rely on services that may set or process data when you use the app:
- Supabase — hosts authentication, the database (profiles, training sessions, plans), and file storage (for example avatars). Authentication cookies are set as described above. Privacy and security practices are governed by Supabase’s privacy policy.
- Vercel Web Analytics — when the app is deployed on Vercel, a small analytics script may record page views, referrers, and general device/browser information to help us understand traffic and improve performance. It is designed for privacy-friendly measurement and is not used for advertising. See Vercel Web Analytics privacy information and Vercel’s privacy policy.
- useSend — sends contact form messages to us when you submit the contact page. This runs on our server when you send the form; useSend does not place marketing cookies in your browser for that flow.
Fonts used on the site are loaded via Next.js font optimisation (self-hosted delivery). We do not load third-party font scripts that track visitors for advertising.
6. What we do not use
- Advertising or retargeting cookies
- Social media embed trackers
- Marketing or cross-site profiling analytics (e.g. Google Analytics for ads)
- Cross-site profiling for marketing
Our analytics are limited to understanding how the site is used and keeping it reliable. If we introduce optional marketing cookies in the future, we will update this policy and, where required by law, ask for your consent before using them.
7. Legal basis (EEA / UK visitors)
Where European data protection law applies, we rely on:
- Legitimate interests — for authentication cookies, first-party traffic measurement, and storage needed to provide the service you request (sign-in, saving training data, core UI preferences, understanding aggregate site usage).
- Consent — only where we explicitly ask for it (for example if we add non-essential cookies later). Today’s essential cookies do not require a separate consent banner for basic sign-in functionality.
8. How to control or delete cookies
You can:
- Sign out — clears your authenticated session for this site (Supabase auth cookies will stop being used for new requests).
- Change browser settings — block or delete cookies and site data. Blocking essential cookies will prevent sign-in and account features from working.
- Clear site data — removes local storage preferences (timer mute, library visibility, welcome message flags).
9. Changes to this policy
We may update this cookie policy when our app or legal requirements change. The “Last updated” date at the top will change when we do. Continued use of the site after updates means you accept the revised policy, unless otherwise required by law.