Cookies are small text files placed on your device by websites you visit. They serve functions such as keeping you logged in, remembering your preferences, or enabling certain technical features. Similar technologies include localStorage (browser storage) and CDN requests that may transmit your IP address to third-party servers when loading resources.
This policy covers vantagevault.dev and is operated by SyncPointFlow. For our full privacy practices, see the Privacy Policy →
We use the minimum number of technologies required to operate the site. We do not use advertising cookies, analytics trackers, social media pixels, or cross-site tracking of any kind.
We divide our technologies into two categories:
| Name / Key | Provider | Type | Purpose | Duration |
|---|---|---|---|---|
sb-*-auth-token |
Supabase Inc. (USA) | localStorage | Stores your authentication access token and refresh token so you remain logged in across page loads. Supabase is our core authentication and database provider โ the site cannot function without it. | Session / until logout |
| Supabase JS SDK (via jsDelivr CDN) | Supabase Inc. (USA) & Prospect One Sp. z o.o., ul. Krolowej Jadwigi 246, 30-212 Krakow, Poland (EU) | External JS request (CDN) | The Supabase authentication library (@supabase/supabase-js@2) is loaded from the jsDelivr CDN to enable login, registration, and session management. This request is strictly necessary for authentication to work and is made on every page load regardless of your cookie preference. Your IP address and browser information are transmitted to jsDelivr servers in the process. |
On every page load |
vv_cookie_consent |
VantageVault (first-party) | localStorage | Records your cookie consent choice (accept / reject / custom) to prevent the banner from re-appearing on every visit. | Persistent (until cleared) |
vv_cookie_functional |
VantageVault (first-party) | localStorage | Records whether you have enabled functional cookies (true/false) to gate font loading on subsequent visits. | Persistent (until cleared) |
vv_consent_log |
VantageVault (first-party) | localStorage | Stores a timestamped audit log of your last 5 consent decisions (choice, timestamp, user-agent, policy version) as required by GDPR. Never transmitted to our servers. | Persistent — last 5 records kept |
// WHY SUPABASE & JSDELIVR ARE NECESSARY: VantageVault's entire authentication system — login, registration, session management, and password reset — is built on Supabase. The jsDelivr CDN request that delivers the Supabase SDK is therefore strictly necessary under the ePrivacy Directive and does not require your consent. Without it, no authentication is possible and the site cannot serve its core purpose.
| Service | Third Party | Type | Purpose | Data Sent to Third Party | Their Privacy Policy |
|---|---|---|---|---|---|
| Google Fonts | Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA | External HTTP request (CSS & font files) | Loads the Share Tech Mono, Bebas Neue, and DM Sans typefaces from Google's servers. If you reject cookies or before you make a choice, system font fallbacks (Courier New, Arial Black, system-ui) are applied — the site remains fully usable without these fonts. | Your IP address, browser/device information, referrer URL, and the list of requested fonts | policies.google.com/privacy |
| Service | Third Party | Type | Purpose | Data Shared | Their Privacy Policy |
|---|---|---|---|---|---|
| Resend | Resend Inc., 2261 Market Street #5039, San Francisco, CA 94114, USA | Server-to-server API call (no browser request) | Delivers transactional emails on our behalf: email verification OTP codes, password reset links, and signup confirmation messages. Resend never contacts your browser and sets no cookies. It is triggered only when you perform an account action (register, reset password). | Your email address and message content (OTP or reset link) — transmitted server-to-server only | resend.com/privacy |
| HuggingFace Spaces | HuggingFace Inc., 20 Jay St Suite 620, Brooklyn, NY 11201, USA | Server-side API proxy (no browser cookies) | Hosts our secure API proxy. All requests from the website and desktop app are routed through this proxy to reach our backend. Your IP address is processed ephemerally (15-minute rolling window) for rate limiting only — it is not logged or stored. | IP address (ephemeral, rate limiting only), API request payloads | huggingface.co/privacy |
// WHAT IS ACTUALLY BLOCKED UNTIL CONSENT: On your first visit, only Google Fonts is withheld pending your choice. The Supabase SDK (via jsDelivr) loads immediately on every page visit as it is strictly necessary for authentication. If you click Reject, Google Fonts are not loaded and system fonts are used — but you can still log in, register, and use all core features normally. Resend and HuggingFace are server-side only and are never loaded in your browser regardless of your choice.
The following third parties may access data in connection with our site. Each maintains their own privacy policy:
You can change your cookie preferences at any time. Click the ๐ช button in the bottom-left corner of the website to reopen the consent panel.
You can also control cookies through your browser settings:
To clear consent records stored by VantageVault specifically, open your browser's developer tools (F12) → Application → Local Storage → vantagevault.dev, and delete the keys vv_cookie_consent, vv_cookie_functional, and vv_consent_log. The cookie banner will re-appear on your next visit.
As required under GDPR and the ePrivacy Directive, we maintain a record of your consent. This record is stored locally in your browser's localStorage under vv_consent_log and contains:
This record is not transmitted to our servers. It is a client-side record only. The last 5 consent events are retained; older records are automatically overwritten.
Necessary technologies (Supabase auth tokens, jsDelivr SDK delivery, first-party consent storage) are processed under legitimate interests (Art. 6(1)(f) GDPR) and contractual necessity (Art. 6(1)(b) GDPR). The ePrivacy Directive's strictly necessary exemption applies to the jsDelivr/Supabase SDK request as it is essential to the authentication service you have requested.
Functional cookies (Google Fonts) are processed solely on the basis of your explicit consent (Art. 6(1)(a) GDPR / ePrivacy Directive). You may withdraw consent at any time — the site continues to function using system font fallbacks.
Server-side processors (Resend, HuggingFace) operate with no browser-side cookies and are processed under contractual necessity (Art. 6(1)(b)) as infrastructure required to deliver the Service.
For cookie-related enquiries, to exercise your rights, or for any other reasons you can contact us at:
SyncPointFlow / VantageVault
Email: syncpointflow@vantagevault.dev
Email: contact@vantagevault.dev
Email: security@vantagevault.dev
Email: support@vantagevault.dev
Website: vantagevault.dev
See also: Privacy Policy · Terms of Service