Last updated: 4/28/2026

1. What Are Cookies

Cookies are small text files that are placed on your computer or mobile device when you visit a website. Cookies are widely used to make websites work more efficiently and provide information to website owners.

Cookies allow websites to recognize your device, remember your preferences, and improve your experience. They can store information such as login status, language preferences, and other settings.

2. How TimeTally Uses Cookies

We use cookies to provide you with a secure, personalized experience and to improve our service. This Cookie Policy explains what cookies we use, why we use them, and how you can control them.

3. Types of Cookies We Use

We use the following categories of cookies on TimeTally:

3.1 Essential Cookies (Strictly Necessary)

These cookies are essential for the website to function properly. Without these cookies, services you have requested (such as logging in) cannot be provided. These cookies do not gather information about you for marketing purposes.

Supabase Authentication Cookie

• Name: sb-{project-id}-auth-token
• Purpose: Maintains your login session and authentication state
• Type: First-party, HTTP-only
• Duration: Session-based with automatic refresh (typically 1 hour, refreshed automatically)
• Provider: Supabase (authentication service)
• Data stored: JWT authentication token (encrypted session identifier)

This cookie is essential for security and cannot be disabled. Without it, you cannot log in or use the Service.

3.2 Functional Cookies (Preferences)

These cookies allow the website to remember choices you make (such as whether you've completed the onboarding tour) and provide enhanced, personalized features. The information these cookies collect is anonymized and they cannot track your browsing activity on other websites.

Onboarding Tour Completion Flags (LocalStorage)

• Name: employer-tour-completed
• Purpose: Remembers if you've completed the employer onboarding tour
• Type: First-party, LocalStorage
• Duration: Persistent (until you clear browser data)
• Data stored: Boolean value ('true' if completed)

• Name: employee-tour-completed
• Purpose: Remembers if you've completed the employee onboarding tour
• Type: First-party, LocalStorage
• Duration: Persistent (until you clear browser data)
• Data stored: Boolean value ('true' if completed)

These preferences improve your experience by preventing repeated tour displays. You can clear them by deleting browser data or localStorage.

3.3 Analytics Cookies (Performance)

These cookies collect information about how visitors use our website, such as which pages are visited most often and if error messages are received. All information collected by these cookies is aggregated and anonymized. We use this information to improve how our website works.

Google Analytics Cookies

• Tracking ID: G-9BJWY5F826
• Purpose: Understand user behavior, track page views, measure site performance
• Type: Third-party
• Provider: Google LLC
• Cookies set:
• _ga - Distinguishes unique users (2 years)
• _ga_{container-id} - Persists session state (2 years)
• _gid - Distinguishes users (24 hours)
• _gat - Throttles request rate (1 minute)
• Data collected: Page URLs, referrer, device type, browser, approximate location, interaction events
• IP anonymization: Enabled (last octet of IP address removed)

For more information about Google Analytics privacy practices, visit: Google Privacy Policy

Vercel Analytics

• Purpose: Monitor Core Web Vitals and application performance
• Type: First-party
• Provider: Vercel Inc.
• Data collected: Page load times, rendering performance, network metrics
• Privacy: No personal identifiers collected, aggregated metrics only
• Duration: Session-based

Vercel Analytics is privacy-focused and does not track users across sites or collect personal information.

3.4 Third-Party Service Cookies

When you use certain features, third-party services may set cookies on your device:

Stripe (Payment Processing)

• Purpose: Fraud detection and secure payment processing
• Type: Third-party
• Provider: Stripe, Inc.
• Used when: Viewing checkout pages or making payments
• Cookies: __stripe_mid, __stripe_sid
• Data collected: Device fingerprinting for fraud prevention, transaction information

For more information: Stripe Privacy Policy and Stripe Cookie Policy

4. Cookies We Do NOT Use

For transparency, we want to clarify that TimeTally does not use:

• Advertising cookies: We do not serve targeted ads or use advertising tracking
• Social media cookies: We do not embed social media widgets that track you
• Cross-site tracking: Our cookies do not track you across other websites
• Marketing cookies: We do not use cookies for marketing retargeting campaigns

5. Cookie Consent and Control

5.1 Consent

By using TimeTally, you consent to the use of cookies as described in this Cookie Policy. When you first visit our website, we may display a cookie notice informing you about our cookie usage.

Essential cookies: Do not require consent as they are necessary for the website to function.

Non-essential cookies (Analytics): You can opt out using the methods described below.

5.2 How to Control and Delete Cookies

You have the right to decide whether to accept or reject cookies. You can exercise your cookie preferences in several ways:

Browser Settings

Most web browsers allow you to control cookies through their settings. You can set your browser to:

• Block all cookies
• Block third-party cookies only
• Delete cookies when you close your browser
• Accept cookies from specific sites only

How to access cookie settings in popular browsers:

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Cookies and website data
• Edge: Settings → Cookies and site permissions → Manage and delete cookies

Opt Out of Google Analytics

You can prevent Google Analytics from tracking your visits by installing the Google Analytics Opt-out Browser Add-on:

Download Google Analytics Opt-out Add-on

Do Not Track (DNT)

Some browsers have a "Do Not Track" (DNT) feature that signals to websites you visit that you do not want to be tracked. Currently, there is no industry standard for how to respond to DNT signals, but we respect user privacy preferences.

Clear Browser Data

You can delete cookies already stored on your device by clearing your browser's history and cache. This will remove all cookies, including those used by other websites.

Note: Deleting cookies may affect your experience on TimeTally. You may need to log in again, and your preferences will be reset.

5.3 Impact of Blocking Cookies

If you choose to block or delete cookies, this may affect your use of TimeTally:

• Essential cookies blocked: You will not be able to log in or use the Service
• Functional cookies blocked: You may see the onboarding tour repeatedly
• Analytics cookies blocked: No impact on functionality; helps protect your privacy

6. LocalStorage and SessionStorage

In addition to cookies, we use browser storage technologies (LocalStorage and SessionStorage) to improve functionality:

6.1 LocalStorage

LocalStorage stores data persistently in your browser until manually cleared. We use LocalStorage for:

• Authentication tokens: Supabase session management
• Tour completion flags: Remembering onboarding tour status
• User preferences: Application settings and preferences

6.2 SessionStorage

SessionStorage stores data temporarily for the duration of your browser session. This data is deleted when you close the browser tab. We use SessionStorage for temporary state management during your session.

6.3 Managing Browser Storage

You can clear LocalStorage and SessionStorage by:

• Using your browser's "Clear browsing data" feature
• Using browser developer tools (F12 → Application → Storage)
• Using browser privacy/incognito mode (data is not persisted)

7. Cookie Lifespan

Cookies can be session-based (deleted when you close your browser) or persistent (remain until expiration or manual deletion):

7.1 Session Cookies

• Supabase authentication (refreshed automatically)
• Vercel Analytics (performance monitoring)

7.2 Persistent Cookies

• Google Analytics cookies (up to 2 years)
• Tour completion flags (until manually cleared)
• Stripe fraud detection cookies (varies)

8. Updates to Third-Party Services

Third-party service providers (Google, Stripe, Vercel) may update their cookie practices. We recommend reviewing their privacy and cookie policies directly:

• Google Privacy Policy
• Stripe Privacy Policy
• Vercel Privacy Policy
• Supabase Privacy Policy

9. More Information About Cookies

To learn more about cookies and how to manage them, visit:

• AboutCookies.org - General information about cookies
• AllAboutCookies.org - How to manage cookies in different browsers
• UK ICO Cookie Guidance - Official UK guidance on cookies and privacy

10. Changes to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our cookie usage, legal requirements, or technology. Material changes will be communicated by:

• Updating the "Last updated" date at the top of this page
• Displaying a notice on our website
• Sending an email notification for significant changes

We recommend reviewing this Cookie Policy periodically to stay informed about our cookie practices.

11. Contact Us

If you have questions about this Cookie Policy or our use of cookies, please contact us:

• Email: support@timetally.org
• Data Protection Officer: support@timetally.org
• Company Name: Timetally
• Website: https://www.timetally.uk

12. Related Policies

For more information about how we protect your data, please see:

• Privacy Policy - How we collect and use your data
• GDPR Compliance Statement - Your data protection rights
• Terms of Service - Service terms and conditions