Contents
COOKIES POLICY
How Re:Galia uses cookies
What cookies are
Cookies are small text files a website stores on your device. They let a site remember who you are between page loads, keep you logged in, and measure how the site is used. Some cookies are essential for the site to work; others are optional and only run with your consent.
Throughout this policy, we use "cookies" as shorthand for cookies, local storage, session storage, and similar technologies. They all work in roughly the same way from a privacy perspective.
How we use cookies
Re:Galia uses cookies for four purposes:
- Authentication — keeping you logged in and protecting against cross-site request forgery.
- Functionality — remembering preferences like your wishlist, filter settings, and theme.
- Security — rate limiting and abuse prevention.
- Analytics — understanding how the site is used so we can improve it. Only with your consent.
We do not use advertising cookies. We do not share cookie-derived data with third-party advertisers. We do not participate in cross-site tracking networks.
Cookies we set
| Name | Provider | Purpose | Category | Duration |
|---|---|---|---|---|
| sb-<project>-auth-token | Supabase | Keeps you logged in | Strictly necessary | 1 year (refreshed) |
| sb-<project>-auth-token-code-verifier | Supabase | OAuth sign-in flow | Strictly necessary | 10 minutes |
| regalia_csrf | Re:Galia | Cross-site request forgery protection | Strictly necessary | Session |
| regalia_consent | Re:Galia | Remembers your cookie choices | Strictly necessary | 12 months |
| regalia_wishlist (localStorage) | Re:Galia | Remembers your wishlist when logged out | Functional | Until cleared |
| regalia_ratelimit (server-side, keyed by IP) | Upstash | Prevents abuse of login and upload | Security | 24 hours |
| _vercel_jwt | Vercel | Hosting platform session | Strictly necessary | Session |
If you consent to analytics, the following are also set:
| Name | Provider | Purpose | Category | Duration |
|---|---|---|---|---|
| sentry-replay | Sentry | Records anonymised error sessions so we can debug bugs | Analytics | 90 days |
| regalia_analytics_id | Re:Galia | Pseudonymous identifier for usage analytics | Analytics | 12 months |
If we add new cookies we'll update this table and, for analytics or marketing cookies, ask for your consent again.
Managing your preferences
You can change or withdraw your consent at any time:
- Click "Cookie preferences" at the bottom of any page (footer).
- Clear your browser cookies — this will reset your choice and we'll ask again next visit.
- Use your browser's Do-Not-Track setting. We respect Do-Not-Track by default for analytics.
- Use your browser's cookie controls to block specific cookies. Note: blocking "strictly necessary" cookies will break core site functions like staying logged in.
Instructions for the main browsers: Chrome (support.google.com/chrome/answer/95647), Safari (support.apple.com), Firefox (support.mozilla.org), Edge (support.microsoft.com).
Third-party cookies
Most third parties integrated with Re:Galia do not set cookies in your browser — they run server-side only (Supabase database, AWS SES email, Upstash rate limiting, the Kustomer backend API, Sentry server ingestion, Stripe server API).
The exceptions are:
- Stripe — sets cookies during checkout for fraud prevention and to remember saved payment methods.
- Google — if you sign in with Google OAuth, Google may set its own session cookies during the sign-in redirect.
- Vercel Analytics (if enabled) — a cookieless analytics solution by design, but it does aggregate anonymised request data at the edge.
Changes to this policy
We update this Cookies Policy whenever we add, remove, or change the cookies we use. The "Last updated" date at the top will always reflect the most recent change. Material changes — such as adding an analytics or marketing cookie — will trigger a new consent prompt the next time you visit.
Contact
For questions about cookies or this policy, email customerservice@galialahav.com.
CONTACT
Lodge a complaint
You have the right to complain to your local data protection authority at any time. We would appreciate the chance to address your concerns first — write to us before you escalate.