Cookie Policy

RaceReports uses a small number of cookies and similar browser storage. We don't run advertising trackers and we don't share cookie data with third parties beyond the listed providers.

What we set

• Session cookies (required): Supabase sets HTTP-only session cookies (sb-access-token, sb-refresh-token) when you sign in. Without these you can't stay signed in. They expire when your session ends or when you sign out.
• Local storage (functional): we cache a few preferences in localStoragefor unauthenticated visitors — your “Joining/Interested” toggles on the events page, your race-day checklist progress, and similar UI state. Clearing your browser storage resets these.
• OAuth state cookies (transient): when you sign in with Google or Strava we briefly store a state token to verify the callback. These cookies are deleted as soon as you complete the flow.

What we don't set

• No advertising or behavioural-tracking cookies.
• No cross-site tracking pixels.
• No third-party analytics that fingerprint you across sessions.

Server-side telemetry

We log page views in a server-side table (event_page_views) keyed by an anonymous per-session identifier — not your IP and not your account. The data is used in aggregate by event organisers to gauge demand for their races. See the privacy policy for details.

Your choices

You can clear cookies and local storage from your browser settings at any time. Doing so will sign you out and reset any unsaved preferences. We don't serve a cookie banner because we don't set non-essential cookies — there's nothing to consent to.

Contact

Questions: hello@racereports.co.