Cookies and browser storage
Last updated: 13 July 2026
This notice covers cookies and similar browser storage used by Twigged. Local storage and session storage are not cookies, but UK rules can apply to them in a similar way. Our Privacy Notice explains the related use of personal data.
Our current position
Twigged does not currently set advertising cookies, cross-site tracking cookies, optional analytics cookies or session-replay storage. Sentry receives minimised error reports when configured, but Twigged does not use Sentry Replay. We use browser storage only for authentication, security and functions a visitor or signed-in user asks the product to provide.
Because the storage listed below is necessary for those requested functions, Twigged does not currently show an optional-cookie consent banner. If we introduce non-essential storage, we will update this notice and ask for consent before using it where the law requires.
Cookies
| Name or provider | Purpose | Typical duration |
|---|---|---|
sb-<project>-auth-token and numbered chunks | Supabase authentication: keeps you signed in and refreshes a secure account session. | Up to 400 days, refreshed while the session remains valid; cleared when the session is signed out or revoked. |
sb-<project>-auth-token-code-verifier | Protects passwordless or third-party sign-in while the browser returns from the identity provider. | Normally removed when the sign-in callback completes; if a flow is abandoned, no longer than the 400-day cookie maximum. |
| Cloudflare Turnstile | A strictly necessary anti-bot challenge on sign-up when that protection is enabled. Cloudflare may set its own security storage and receives browser challenge signals. | For the challenge and Cloudflare’s associated security period; the exact expiry is shown in the browser’s storage controls and is set by Cloudflare, not Twigged. |
Local storage
Local storage remains on the device between visits. Twigged uses it in the following functional categories:
| Category | Examples and purpose | Duration |
|---|---|---|
| Preferences | Theme, motion, planner defaults, hardiness zone, dismissed guidance and completed tours. These remember choices you make. | Until you change the choice, reset product settings or clear Twigged site data in the browser. Ordinary sign-out keeps harmless preferences, including an AI-learning objection, so the browser continues to respect them. |
| Draft and recovery data | Unsaved planner drafts, bed-design sessions, palette history, visualiser forms, saved viewpoints, journal drafts and design hand-offs. This prevents accidental loss and moves work between Twigged tools on the same device. | Until the item is deleted or replaced. Ordinary sign-out and account deletion remove account, project and draft data from that device; clearing Twigged site data also removes it. |
| Client-facing convenience | A guest reviewer’s chosen display name and care-plant selections so a requested shared experience remains usable. | Until changed or the relevant item is removed. Ordinary sign-out and account deletion remove this client-facing data; clearing Twigged site data also removes it. |
Session storage
Twigged uses session storage for short same-tab hand-offs, such as moving a sketch or a pending Restyle upload into the next requested step. It is removed when the hand-off is consumed or when the browser tab is closed. It is not used for advertising or cross-site tracking.
Your controls
Browser settings let you inspect and clear Twigged’s cookies and site data. Blocking authentication or functional storage can prevent sign-in, draft recovery and other requested features from working. To object to Twigged’s separate use of structured design activity for product improvement, use Settings → Data & privacy; that is an account privacy control, not a cookie preference.
Questions about this notice can be sent to privacy@twigged.design.