Cookie Policy
Last updated: 2026-05-03
In plain language
We use a small number of cookies to keep your session active, remember your language preference, and (only if you consent) measure site performance. We do not sell your data or run advertising trackers by default.
What are cookies?
Cookies are small text files stored in your browser when you visit a website. They allow the site to remember your preferences and session state between page loads.
1. Strictly necessary cookies
These cookies are required for the site to function. They cannot be disabled. No personal data is transmitted to third parties through these cookies.
| Name | Provider | Purpose | Expires |
|---|---|---|---|
| sb-* | Supabase | Authentication session token. Keeps you signed in. | Session |
| lang | Layover Legends | Stores your language preference. | 1 year |
| cookie_consent | Layover Legends | Stores your cookie consent choices so we don't ask again. | 1 year |
2. Analytics cookies (optional)
These cookies help us understand how visitors use the site. They are only activated if you click 'Accept all' or enable the Analytics category in your preferences. No personal identifiers are stored.
| Name | Provider | Purpose | Expires |
|---|---|---|---|
| _vsi | Vercel | Vercel Speed Insights — anonymous page performance measurement. | Session |
3. Marketing cookies (optional)
Marketing cookies are currently not active on this site. If we introduce remarketing tools in the future, we will update this policy and request fresh consent before activating them.
Third-party services
The following third-party services may set cookies or access data through our site. Each has its own privacy policy and cookie policy.
- Supabase (database + auth) — supabase.com/privacy
- Stripe (payments) — stripe.com/privacy
- Vercel (hosting) — vercel.com/legal/privacy-policy
- Mapbox (maps) — mapbox.com/legal/privacy
- Resend (email) — resend.com/legal/privacy-policy
- Google (OAuth sign-in) — policies.google.com/privacy
- DeepL (translations — no user-facing cookies)
- Cloudflare (DNS + DDoS protection — no cookies set directly)
Managing your preferences
You can change your cookie preferences at any time by clicking 'Manage cookies' in the footer of any page. You can also clear cookies through your browser settings, though this will sign you out.
If your browser sends the Do Not Track (DNT) signal, we automatically decline all optional cookies.
Questions?
Email travellayoverlegends@gmail.com or contact the Dutch data protection authority: Autoriteit Persoonsgegevens, autoriteitpersoonsgegevens.nl.