Cookies and browser storage

Last updated: 13 July 2026

This notice covers cookies and similar browser storage used by Twigged. Local storage and session storage are not cookies, but UK rules can apply to them in a similar way. Our Privacy Notice explains the related use of personal data.

Our current position

Twigged does not currently set advertising cookies, cross-site tracking cookies, optional analytics cookies or session-replay storage. Sentry receives minimised error reports when configured, but Twigged does not use Sentry Replay. We use browser storage only for authentication, security and functions a visitor or signed-in user asks the product to provide.

Because the storage listed below is necessary for those requested functions, Twigged does not currently show an optional-cookie consent banner. If we introduce non-essential storage, we will update this notice and ask for consent before using it where the law requires.

Cookies

Name or providerPurposeTypical duration
sb-<project>-auth-token and numbered chunksSupabase authentication: keeps you signed in and refreshes a secure account session.Up to 400 days, refreshed while the session remains valid; cleared when the session is signed out or revoked.
sb-<project>-auth-token-code-verifierProtects passwordless or third-party sign-in while the browser returns from the identity provider.Normally removed when the sign-in callback completes; if a flow is abandoned, no longer than the 400-day cookie maximum.
Cloudflare TurnstileA strictly necessary anti-bot challenge on sign-up when that protection is enabled. Cloudflare may set its own security storage and receives browser challenge signals.For the challenge and Cloudflare’s associated security period; the exact expiry is shown in the browser’s storage controls and is set by Cloudflare, not Twigged.

Local storage

Local storage remains on the device between visits. Twigged uses it in the following functional categories:

CategoryExamples and purposeDuration
PreferencesTheme, motion, planner defaults, hardiness zone, dismissed guidance and completed tours. These remember choices you make.Until you change the choice, reset product settings or clear Twigged site data in the browser. Ordinary sign-out keeps harmless preferences, including an AI-learning objection, so the browser continues to respect them.
Draft and recovery dataUnsaved planner drafts, bed-design sessions, palette history, visualiser forms, saved viewpoints, journal drafts and design hand-offs. This prevents accidental loss and moves work between Twigged tools on the same device.Until the item is deleted or replaced. Ordinary sign-out and account deletion remove account, project and draft data from that device; clearing Twigged site data also removes it.
Client-facing convenienceA guest reviewer’s chosen display name and care-plant selections so a requested shared experience remains usable.Until changed or the relevant item is removed. Ordinary sign-out and account deletion remove this client-facing data; clearing Twigged site data also removes it.

Session storage

Twigged uses session storage for short same-tab hand-offs, such as moving a sketch or a pending Restyle upload into the next requested step. It is removed when the hand-off is consumed or when the browser tab is closed. It is not used for advertising or cross-site tracking.

Your controls

Browser settings let you inspect and clear Twigged’s cookies and site data. Blocking authentication or functional storage can prevent sign-in, draft recovery and other requested features from working. To object to Twigged’s separate use of structured design activity for product improvement, use Settings → Data & privacy; that is an account privacy control, not a cookie preference.

Questions about this notice can be sent to privacy@twigged.design.