This Cookie Policy explains how Łukasz Zapolski, a Polish sole proprietor trading as Łukasz Zapolski (“Grounded”, “we”), uses cookies and similar technologies (localStorage, sessionStorage, pixels) on the grounded.sh website, the customer dashboard, and within the embeddable chat widget served from grounded.sh.
For more on how we handle personal data generally, see our Privacy Policy.
1. What are cookies?
Cookies are small text files placed on your device when you visit a website. “Similar technologies” include browser storage APIs such as localStorage and sessionStorage, which work like cookies but are read only by JavaScript on the page.
2. Categories we use
- Strictly necessary. Required for the Service to function: authentication, security, fraud prevention, basic widget operation. These do not require consent under the GDPR / ePrivacy Directive.
- Functional. Remember non-essential preferences (e.g. language, UI state). Used only when needed; we keep this to a minimum.
- Analytics. Aggregated, privacy-friendly usage statistics. We currently do not use third-party analytics cookies on the marketing site.
- Marketing / advertising. We do not use advertising cookies.
3. Cookies and storage we set
| Name | Purpose | Category | Duration | Set by |
|---|---|---|---|---|
sb-access-token / sb-refresh-token | Supabase authentication session. | Strictly necessary | Session / 7 days | grounded.sh |
sb-provider-token | OAuth provider session, where used. | Strictly necessary | Session | grounded.sh |
__stripe_mid / __stripe_sid | Fraud prevention for Stripe checkout. | Strictly necessary | 1 year / 30 minutes | js.stripe.com |
grounded_visitor_id (localStorage) | Persistent visitor identifier used by the embedded chat widget to remember conversation context across sessions. | Strictly necessary (widget functionality) | Until cleared by the user | The website embedding the widget |
grounded_session_id (localStorage / memory) | Temporary identifier for the current chat session. | Strictly necessary (widget functionality) | Session | The website embedding the widget |
4. The chat widget
When you visit a website that embeds the Grounded chat widget, the widget stores a randomly generated grounded_visitor_id in your browser via localStorage. This identifier lets the chatbot maintain conversational context (e.g. remember what you asked earlier) without us knowing who you are.
The visitor_id is not a tracking cookie: it is not shared across different websites, is not used for advertising, and is read only by the widget on the site that embedded it. You can clear it at any time by clearing browser storage for that site.
The customer operating the chatbot is the controller of any personal data you share with the chatbot, including the visitor_id. Their own privacy notice governs that processing.
5. Managing your preferences
- Browser settings. Most browsers let you delete or block cookies and clear localStorage. Doing so may break authentication and the chat widget.
- Stripe. Stripe’s cookies are set only when you reach the checkout. See Stripe’s cookie settings.
- Do Not Track. We do not currently respond to DNT signals because we do not set tracking cookies.
6. Changes to this policy
If we add new cookies or new categories of cookies, we will update this page and, where required, prompt you for consent through a cookie banner.
7. Contact
Questions about this policy: privacy@grounded.sh.