Skip to main content
← Back to home

Cookies Policy

Last updated: 2026-05-08

1. About this policy

This page explains what cookies and similar technologies the Meridian platform (meridian.insights-2.com) uses, why we use them, and how you can change your mind. Read it together with our Privacy Policy.

Cookies are small text files stored on your device. We also use equivalent local-storage entries; for the purposes of this policy we treat them the same way.

2. What we use

Strictly necessary

  • Supabase Auth session cookies (HttpOnly, Secure) — keep you signed in. Without these you cannot use the dashboard, billing, or settings pages. Removed when you sign out.
  • CSRF / referrer-protection tokens — short-lived tokens used by Next.js routes that mutate state.

Functional

  • Sidebar state, active project — kept in browser localStorage so the dashboard feels less jumpy when you come back. No personal data.
  • Tier context cache — kept in localStorage so the dashboard knows your tier (Starter / Plus / Pro²) without an extra round-trip.

Analytics

  • Vercel Analytics — counts page views, derives country from IP (full IP not retained), records device class, URL paths. No advertising IDs, no cross-site tracking. Retained for 24 months in aggregate.

Third-party

  • Stripe — sets cookies on the Stripe Checkout / Customer Portal pages when you visit them, governed by Stripe's privacy policy.

3. How to opt out

You have three options for analytics (the only non-essential one):

  • Manage cookies via the link in the footer (when the cookie banner is live).
  • Set no_track manually in your browser's developer console: localStorage.setItem('no_track', '1'). Refresh the page.
  • Send a Global Privacy Control (GPC) signal from your browser. We honour GPC as a request to opt out of analytics.

You cannot opt out of strictly necessary cookies and continue using the platform; that's how authentication works.

4. Changes to this policy

We'll update the date at the top whenever we add or remove a cookie or change a retention period. For material changes that adversely affect your privacy, we'll give at least 30 days' notice.

5. Questions

Email hello@insights-2.com.