Cookies
Cookie Notice
Every cookie APN actually sets today, what each one is for, and how long it stays. No ad cookies, no tracking pixels. Analytics (Google Analytics 4) is consent-gated — it only runs on the live site after you opt in.
1#What counts as a cookie
A cookie is a small text file a website stores on your device. This page lists the cookies APN actually sets right now, read straight from the code, not a generic template.
2#Strictly necessary cookies
Set only when you sign in, so APN can keep you signed in across pages. If you never log in, APN sets no auth cookies at all. These are managed by Supabase, our authentication provider, and are HTTP-only (your browser scripts can't read them).
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| sb-…-auth-token | APN / Supabase | Keeps you signed in (HTTP-only). May be split into sb-…-auth-token.0 / .1. Present only while you're logged in | Until sign-out or token expiry |
Block these and sign-in stops working. There's no server-side workaround for that.
3#Functional cookies
One cookie, set when you vote on whether an article summary was helpful. It carries no personal data: it's a random ID used to stop the same browser from spamming the same vote (anti-abuse). Basis: our legitimate interest in keeping that feedback honest.
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| apn_fb | APN | Random anonymous ID that de-duplicates article-feedback votes (HTTP-only). No identity, no tracking | 12 months |
| apn_analytics_consent | APN | Remembers your analytics opt-in/opt-out so the consent banner doesn't ask again. No identity, no tracking. | 12 months |
4#CDN and security cookies
APN runs behind Cloudflare for delivery and bot protection. Cloudflare may set its own short-lived cookies (for example __cf_bm) to tell humans from bots and to keep the site fast and online. These are set by Cloudflare, not by APN, and APN does not read identity from them.
5#What APN does NOT set
Being straight with you matters more than looking thorough. As of this build:
- No advertising or marketing cookies.
- No cross-site profiling, fingerprinting, or data-broker cookies.
- Analytics is OFF by default. On the production site only, APN offers Google Analytics 4 for anonymous usage measurement (IP anonymized) — it loads with consent denied and measures nothing until you accept it in the consent banner. Declining keeps it off.
Analytics is consent-gated: GA4 loads with consent denied by default (Google Consent Mode) and only measures your visit after you accept in the banner. You can decline or withdraw at any time by clearing the apn_analytics_consent cookie. On staging (web2) analytics never runs at all.
6#Controls
You stay in control of every cookie on your device.
- Use your browser's per-site cookie controls to view, block, or clear APN cookies (Chrome, Safari, Firefox, Edge, Brave).
- Sign out to drop the Supabase auth cookies.
- Clearing apn_fb just resets your feedback de-dupe ID; nothing else breaks.
Blocking the strictly necessary auth cookies will break sign-in and any logged-in features. That isn't worked around on the server side.
7#Changes to this notice
When the cookies APN sets change, this page is updated with a new effective date. If we add anything that needs consent, we'll add the consent step at the same time.
★Cookie questions
Email contact@allpatchnotes.com with subject "Cookies" or "Privacy request".
Privacy · Terms · Cookies · Accessibility · Contact