Cookie Policy

Cookies are small text files stored on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work efficiently, provide reporting information, and assist with personalization.

In addition to cookies, we and our service providers may use other similar technologies, including:

• Local storage (localStorage): A web storage mechanism that allows websites to store data locally in your browser with no expiration date.
• Session storage (sessionStorage): Similar to localStorage but limited to the duration of your browser session.
• Web beacons (pixel tags): Tiny, transparent images embedded in web pages or emails that enable tracking of page visits or email opens.
• SDK identifiers: Identifiers set by software development kits integrated into applications.

This policy covers all of these technologies when we refer to “cookies.”

We use a minimal set of cookies and similar technologies for the following purposes:

• Authentication: To identify you when you sign in and maintain your session while you use the Service.
• Security: To protect your account and our Service from unauthorized access and fraudulent activity.
• Preferences: To remember your settings and display preferences.
• Performance measurement: To understand how the Service performs and identify areas for improvement, using privacy-friendly, cookie-free analytics.

We do not use cookies for advertising, behavioral profiling, cross-site tracking, or retargeting.

Strictly necessary cookies

These cookies are essential for the Service to function. They cannot be disabled without breaking core functionality. They are set in response to actions you take (such as signing in) and do not require your consent under applicable law.

• auth-token — Firebase authentication session token. Identifies your authenticated session. Expires after 1 hour and is automatically refreshed. Set by Google Firebase. First-party cookie. Strictly necessary.
• session-id — Browser session identifier. Used for security purposes to identify your browser session. Session cookie (deleted when you close your browser). First-party cookie. Strictly necessary.

Analytics (cookie-free)

We use Vercel Analytics for aggregate performance and usage analytics. Vercel Analytics is designed to be privacy-friendly and does not use cookies, fingerprinting, or any form of persistent identifier. It collects only aggregated, non-personally-identifiable metrics such as page views, web vitals, and geographic region (country level). No analytics cookies are set on your device.

We also use Vercel Speed Insights to measure real-user performance (Core Web Vitals). This service similarly does not set cookies or collect personally identifiable information.

What we do NOT use

We want to be explicit about what we do not do:

• We do not set any advertising or marketing cookies.
• We do not set any third-party tracking cookies.
• We do not engage in cross-site tracking or behavioral profiling.
• We do not use Google Analytics, Facebook Pixel, Hotjar, or any similar third-party analytics or tracking tools that set cookies.
• We do not set fingerprinting identifiers.

In addition to cookies, the Vephon Studio application may use:

• localStorage: To store your user interface preferences (such as theme settings, sidebar state, or language preferences) locally in your browser. This data remains on your device and is not transmitted to our servers.
• sessionStorage: To store temporary state information needed during your current session (such as form progress or navigation state). This data is automatically cleared when you close the browser tab.

These technologies are used only for functionality and preference purposes and do not track you across websites.

As of the date of this policy, we do not set any third-party cookies on our website or within the Service.

Our authentication provider (Firebase) sets the auth-token cookie, but this is a first-party cookie set under our domain for the sole purpose of session management.

If we introduce any third-party cookies in the future, we will:

• Update this Cookie Policy before deploying them;
• Implement a consent mechanism for any non-essential third-party cookies;
• Clearly disclose the third party, the cookie’s purpose, and its retention period; and
• Provide you with the ability to opt out.

You can control and manage cookies through your browser settings. Please note that disabling strictly necessary cookies (auth-token, session-id) will prevent you from signing in to Vephon Studio.

Browser-specific instructions:

• Google Chrome: Settings → Privacy and Security → Cookies and other site data. You can block third-party cookies, block all cookies, or clear cookies on exit.
• Mozilla Firefox: Settings → Privacy & Security → Cookies and Site Data. Firefox offers Standard, Strict, and Custom tracking protection levels.
• Apple Safari: Preferences → Privacy → Manage Website Data. Safari blocks cross-site tracking by default via Intelligent Tracking Prevention.
• Microsoft Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data.

For other browsers, please refer to your browser’s help documentation.

Do Not Track (DNT): Some browsers offer a “Do Not Track” setting. Since we do not engage in cross-site tracking, our practices are consistent with DNT signals regardless of whether you enable this setting.

Global Privacy Control (GPC): We honor GPC signals sent by your browser as a valid expression of your privacy preferences. Since we do not sell personal information or engage in cross-context behavioral advertising, GPC signals do not change our cookie behavior but are respected for other data processing as described in our Privacy Policy.

Impact of disabling cookies: If you disable all cookies, including strictly necessary ones, you will not be able to sign in to the Service or use authenticated features. The website (vephon.com) will continue to function for browsing purposes, but any interactive features requiring authentication will be unavailable.

Strictly necessary cookies: Under the EU ePrivacy Directive (Directive 2002/58/EC, as amended) and its national implementations, strictly necessary cookies are exempt from the consent requirement because they are essential for providing the service you have requested. Our auth-token and session-id cookies fall within this exemption.

Non-essential cookies: We currently do not use any non-essential cookies. If we introduce non-essential cookies in the future, we will obtain your informed, freely given, specific, and unambiguous consent before setting them, in compliance with the GDPR (where applicable) and the ePrivacy Directive. Consent will be collected through a cookie consent banner that provides:

• Equal visual prominence for “Accept” and “Reject” options;
• Granular choices by cookie category;
• No pre-ticked boxes;
• Easy withdrawal of consent at any time; and
• No cookie walls (you will not be blocked from accessing the site if you decline non-essential cookies).

We will update this Cookie Policy when we change our cookie or similar technology practices. Changes will be indicated by updating the “Last updated” date at the top of this page.

If we introduce new categories of cookies (such as analytics cookies that use persistent identifiers, or marketing cookies), we will update this policy before deploying the cookies and implement an appropriate consent mechanism.

We encourage you to review this policy periodically. For questions about our cookie practices, contact us at connect@vephon.com.

This Cookie Policy should be read in conjunction with our Privacy Policy and Terms of Service.