Cookie Policy
This Cookie Policy explains how Techwillow Inc. (“Techwillow Studio,” “we,” “us,” or “our”) uses cookies and similar tracking technologies (collectively, “Cookies”) when you visit our website or use our application at studio.techwillow.ca. This policy is consistent with our obligations under Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) and the guidance issued by the Office of the Privacy Commissioner of Canada (OPC).
1. What Are Cookies?
Cookies are small text files placed on your device when you visit a website. They allow the website to recognise your device on subsequent visits and store certain preferences or session information. Cookies set by us are called first-party cookies; those set by third parties are called third-party cookies.
2. Your Consent
In accordance with PIPEDA and OPC guidance, we rely on express consent for non-essential cookies and implied consent for strictly necessary cookies that are required to operate the Service. Strictly necessary cookies cannot be disabled without rendering core features of the platform non-functional.
By using our Service, you consent to our use of cookies as described in this policy. You may withdraw consent for non-essential cookies at any time via your browser settings (see Section 5).
3. Categories of Cookies We Use
3.1 Strictly Necessary Cookies
These cookies are essential for the Service to function. They enable core features such as secure login and authenticated sessions. The Service cannot operate properly without them.
| Cookie Name | Category | Purpose | Duration |
|---|---|---|---|
sb-[ref]-auth-token(may be split into .0, .1, etc.) | Strictly Necessary | Maintains your authenticated Supabase session so you stay logged in. | Session / auto-refreshed (up to 1 hour; renewed on activity) |
sb-[ref]-auth-token-code-verifier | Strictly Necessary | PKCE code verifier used during OAuth (e.g. Google Sign-In) to complete the secure login flow. | Session (deleted after login completes) |
__Host-next-auth.csrf-token | Strictly Necessary | CSRF protection token that verifies form submissions originate from our site. | Session |
theme(localStorage, not a cookie) | Functional | Stores your light/dark mode preference so it persists across sessions. | Persistent (browser local storage; no expiry) |
__stripe_mid__stripe_sid | Strictly Necessary (third-party) | Set by Stripe on checkout pages to detect fraud and maintain a secure payment session. | 1 year (__stripe_mid) / 30 minutes (__stripe_sid) |
__cf_bmcf_clearance | Strictly Necessary (third-party) | Set by Cloudflare to distinguish humans from bots and protect the platform from malicious traffic. | 30 minutes (__cf_bm) / up to 1 year (cf_clearance) |
g_state | Strictly Necessary (third-party) | Set by Google to manage the Google Sign-In OAuth session state. | Session |
Cookie names prefixed with [ref] contain your Supabase project reference and are unique to our deployment. Third-party cookie durations are controlled by those providers and may change.
3.2 Performance and Analytics Cookies
We do not currently use third-party analytics cookies (e.g., Google Analytics). Usage metrics are collected solely through server-side logs associated with your account, which are described in our Privacy Policy. If we introduce third-party analytics in the future, this policy will be updated and you will be notified.
3.3 Functional Cookies
These cookies allow the Service to remember choices you have made to provide enhanced, more personalised features. For example, remembering your most recently selected grade or subject to speed up worksheet generation.
4. Third-Party Technologies
Certain features of our Service use third-party services that may set their own cookies or tracking technologies:
- Stripe (Payment Processing): When you visit a checkout page, Stripe may set cookies to detect fraud, facilitate secure checkout, and maintain session continuity during the payment process. These are governed by Stripe’s Privacy Policy.
- Brevo (Email Delivery): We use Brevo to send transactional emails. Brevo does not set cookies on our website. Any tracking pixels within email messages (e.g., open tracking) are governed by Brevo’s Privacy Policy. You can disable email tracking by setting your email client to block remote images.
- Cloudflare (Performance & Security): Cloudflare may use technically necessary cookies as part of delivering our platform securely and detecting malicious traffic. See Cloudflare’s Privacy Policy.
- Google (Sign-In): When you use Google Sign-In to create an account or log in, Google may set authentication cookies or use tokens stored in your browser to manage the OAuth session. These are governed by Google’s Privacy Policy.
5. How to Control Cookies
You have the right to accept or reject non-essential cookies. You can control cookies through your web browser settings. Below are links to cookie management instructions for common browsers:
Please note that disabling strictly necessary cookies will prevent you from logging in and using the Service. Disabling functional cookies may reduce the personalised experience of the platform.
6. Do Not Track
Some browsers include a “Do Not Track” (DNT) feature. Our Service does not currently respond to DNT signals, as there is no universally accepted standard for how DNT should be interpreted. We will continue to monitor developments in this area.
7. Changes to This Cookie Policy
We may update this Cookie Policy from time to time to reflect changes in our practices or for operational, legal, or regulatory reasons. We will notify you of material changes by posting the updated policy on this page and updating the “Last Updated” date. We encourage you to review this policy periodically.
8. Contact Us
If you have any questions about our use of cookies or other tracking technologies, please contact our Privacy Officer:
- Email: privacy@techwillow.ca
- You may also file a complaint with the Office of the Privacy Commissioner of Canada if you believe your privacy rights have been violated.