Cookie Policy
Last updated: 2026-05-05
What cookies are
Cookies are small files placed on your device by websites you visit. They're used for things like keeping you signed in, remembering preferences, and (with your consent) measuring how a site is used. We group ours into four categories — strictly necessary, functional, analytics, marketing — and only the strictly-necessary ones run by default. The rest stay off until you opt in via Cookie settings.
Cookies we set
This is the actual list, populated from the codebase. If a value is uncertain we mark it <<verify>> rather than guess.
| Name | Category | Purpose | Provider | Duration |
|---|---|---|---|---|
| sb-access-token | Necessary | Keeps you signed in (Supabase Auth session). | Supabase | 1 hour (refreshed) |
| sb-refresh-token | Necessary | Renews your sign-in session without asking for credentials again. | Supabase | Until sign-out (rolling) |
| cookie_consent | Necessary | Remembers your cookie-preference choice. | NRI Retire Wise | 13 months |
| __stripe_mid / __stripe_sid | Necessary | Stripe fraud prevention on the payment flow. Set on Stripe-hosted pages, not on ours. | Stripe | Up to 1 year (Stripe-managed) |
| — | Functional | None set today. If we add a preference (e.g. preferred currency saved to a cookie) it will appear here. | — | — |
| — | Analytics | None set today. No analytics SDK is currently installed. | — | — |
| — | Marketing | None set today. We don't run ad pixels or remarketing. | — | — |
We also use localStorage for things that aren't cookies but serve a similar purpose: your in-progress retirement plan (so it survives a refresh) and a mirror of your cookie-consent choice. localStorage stays in your browser and is never automatically transmitted to us — but you can clear it via your browser settings or by signing out.
How to change your preferences
Use Cookie settings to open the preferences modal at any time. Toggle a category off and the matching cookies / SDKs stop running on your next page load. Toggling marketing or analytics on doesn't auto-fire SDKs that aren't installed — it just sets your preference for when we add them.
How to control cookies in your browser
Most browsers let you block or delete cookies via Settings → Privacy / Site data. Reference guides:
Note: blocking strictly-necessary cookies will prevent sign-in.