Cookie Policy
Effective May 2, 2026
This Cookie Policy explains how WhatsMyESG (“WME,” “we”) uses cookies and similar storage technologies on whatsmyesg.com. It supplements our Privacy Policy.
Short version. We use only essential cookies and similar local-storage entries needed to operate the site. We do not run advertising trackers, behavioral profiling, social-media pixels, or third-party analytics scripts. We do not sell or share cookie-derived data with anyone.
1. What Cookies Are
A cookie is a small text file a website places on your device to store data such as a sign-in token or a display preference. “Local storage” and “session storage” are related browser features that store similar data without using the cookie format. This Policy covers all three.
2. The Cookies and Storage Entries We Use
| Name & type | Purpose |
|---|---|
| sb-* cookies (Supabase Auth) | Issued after sign-in. Carry your session token so the server recognizes you on subsequent requests. Essential. Expires on sign-out or after the session lifetime configured in Supabase. |
| CSRF token (cookie or header, request-scoped) | Prevents cross-site request forgery on form submissions. Essential. Cleared at the end of the request. |
| wme.cookies.accepted (local storage) | Records that you have dismissed the cookie banner so we do not show it again. Essential for user-experience continuity. Persists until you clear local storage. |
| Cloudflare network cookies (e.g., __cf_bm) | Set by our edge provider (Cloudflare) to distinguish humans from automated traffic and protect against abuse. Essential. Short-lived. We do not read these cookies; Cloudflare uses them to apply its security service. |
3. What We Do Not Use
- No analytics cookies. No Google Analytics, no Plausible-on-load with cross-site identifiers, no Mixpanel, no Heap, no PostHog. If we add analytics in the future, we will update this Policy and the in-product banner before activation.
- No advertising cookies. WME does not run paid advertising and does not place ad-tech cookies on your device.
- No social-media pixels. Despite our presence on X, LinkedIn, Instagram, etc., we do not embed conversion or retargeting pixels from those networks on whatsmyesg.com.
- No cross-site behavioral tracking. We do not build profiles of you for advertising or share personal information for cross-context behavioral advertising as defined under CCPA/CPRA.
4. Consent & the Banner
Because we use only essential cookies and storage entries, we do not request opt-in consent for tracking purposes. The cookie banner you see on your first visit is a courtesy notice; clicking “Accept” simply records that you have read it so we can stop showing the banner. You may dismiss the banner without consenting to any non-essential processing because there is no non-essential processing in scope.
If we add analytics or third-party tracking later. If WhatsMyESG ever integrates a third-party analytics SDK, advertising pixel, or other non-essential tracker, we will update this Policy and the Privacy Policy first, deploy a real consent mechanism (deny-by-default opt-in for EU/UK visitors and an opt-out interface where required by U.S. state law), and will not enable the tracker for any visitor until the consent mechanism is live and the policy update has shipped.
5. Your Choices
You can block or delete cookies at any time using your browser’s settings. If you block essential cookies, the Service may not work — in particular, you may not be able to sign in or stay signed in. Below are vendor-published instructions for the major browsers:
- Apple Safari (macOS, iOS): support.apple.com
- Google Chrome: support.google.com/chrome
- Mozilla Firefox: support.mozilla.org
- Microsoft Edge: support.microsoft.com
- MDN Web Docs — HTTP Cookies overview: developer.mozilla.org
6. Do Not Track
We do not currently respond to a single Do-Not-Track browser signal because no industry consensus has been adopted. Per the California Online Privacy Protection Act § 22575(b)(5), we disclose this here. We do, however, decline by default to track you across third-party sites.
7. Changes
If we add a non-essential cookie category in the future, we will update this Policy, refresh the cookie banner, and where required by law obtain your consent before activation.
8. Contact
Vertexium Environmental Solutions
Dallas, Texas, United States
privacy@whatsmyesg.com · info@whatsmyesg.com