Cookie Policy

Last updated: May 2026

This page explains how BerrySure uses cookies and similar technologies when you visit our website or sign in to the workspace.

Essential cookies

When staff sign in, we set a session cookie (Supabase auth token) so the server can keep you signed in securely. This cookie is essential for authentication. It uses SameSite=Lax, a seven-day maximum age, and is cleared when you sign out.

Admin area

Users accessing the admin section may receive an additional short-lived, httpOnly PIN verification cookie limited to the /admin path.

Local storage (not cookies)

• Cookie consent preference — stored as berrysure_cookie_consent when you click Accept or Essential only on the banner.
• Theme preference — light or dark mode (berrysure_theme).
• Client portal session — encrypted storage for policyholder sign-in (separate from staff auth cookies).

Analytics & marketing

BerrySure does not currently use third-party advertising or analytics cookies on the landing page. If this changes, we will update this policy and the consent banner.

Your choices

On first visit, a consent banner lets you accept or choose essential-only. Staff login requires essential session cookies. You can clear cookies via your browser settings; signing out removes auth cookies.

Contact

Questions: see our contact page.