Cookie Policy
Effective May 23, 2026
This Cookie Policy explains how WhatsMyESG (“WME,” “we”) uses cookies and similar storage technologies on whatsmyesg.com. It supplements our Privacy Policy.
Short version. We use essential cookies and similar local-storage entries needed to operate the site, plus a cookieless analytics service (Vercel Analytics) that measures aggregate traffic without cookies, without cross-site profiling, and without identifying you. We do not currently run advertising or measurement pixels (such as Meta or LinkedIn). We may enable such pixels in the future for advertising measurement; if we do, each provider will be named in this Policy with opt-out instructions. We do not sell cookie-derived data.
1. What Cookies Are
A cookie is a small text file a website places on your device to store data such as a sign-in token or a display preference. “Local storage” and “session storage” are related browser features that store similar data without using the cookie format. This Policy covers all three.
2. The Cookies and Storage Entries We Use
| Name & type | Purpose |
|---|---|
| sb-* cookies (Supabase Auth) | Issued after sign-in. Carry your session token so the server recognizes you on subsequent requests. Essential. Expires on sign-out or after the session lifetime configured in Supabase. |
| CSRF token (cookie or header, request-scoped) | Prevents cross-site request forgery on form submissions. Essential. Cleared at the end of the request. |
| wme.cookies.accepted (local storage) | Records that you have dismissed the cookie banner so we do not show it again. Essential for user-experience continuity. Persists until you clear local storage. |
| Cloudflare network cookies (e.g., __cf_bm) | Set by our edge provider (Cloudflare) to distinguish humans from automated traffic and protect against abuse. Essential. Short-lived. We do not read these cookies; Cloudflare uses them to apply its security service. |
3. Analytics & What We Currently Do Not Use
- Cookieless analytics (in use).We use Vercel Analytics to understand aggregate site traffic — page views, referrers, approximate region, and device type. It does not set cookies, does not build a cross-site profile of you, and does not store personally identifying information. Measurement is aggregate and first-party in nature.
- No third-party analytics SDKs (today). We do not currently load Google Analytics, Mixpanel, Heap, PostHog, or similar cross-site analytics scripts.
- Advertising & measurement pixels (not active today). Pixels such as the Meta Pixel and the LinkedIn Insight Tag are not currently active on whatsmyesg.com. We may enable advertising or measurement pixels in the future for advertising measurement and attribution. If we do, we will name each provider in this Policy and provide opt-out instructions before or at the time the pixel becomes active.
- No sale of personal information. We do not sell personal information or share it for cross-context behavioral advertising as defined under CCPA/CPRA.
4. Consent & the Banner
Today we use only essential cookies plus cookieless analytics, so the cookie banner you see on your first visit is primarily a courtesy notice; clicking “Accept” records that you have read it so we can stop showing the banner. Cookieless analytics does not place any cookie on your device.
If we enable advertising or measurement pixels later. Before any third-party advertising pixel, measurement tag, or other non-essential tracker that sets cookies becomes active, we will update this Policy and the Privacy Policy to name the provider, refresh the cookie banner, and provide a consent or opt-out mechanism where required by law (deny-by-default opt-in for EU/UK visitors and an opt-out interface where required by U.S. state law).
5. Your Choices
You can block or delete cookies at any time using your browser’s settings. If you block essential cookies, the Service may not work — in particular, you may not be able to sign in or stay signed in. Below are vendor-published instructions for the major browsers:
- Apple Safari (macOS, iOS): support.apple.com
- Google Chrome: support.google.com/chrome
- Mozilla Firefox: support.mozilla.org
- Microsoft Edge: support.microsoft.com
- MDN Web Docs — HTTP Cookies overview: developer.mozilla.org
6. Do Not Track
We do not currently respond to a single Do-Not-Track browser signal because no industry consensus has been adopted on how to interpret it. Per the California Online Privacy Protection Act § 22575(b)(5), we disclose this here. Our current analytics is cookieless and aggregate, and we do not build cross-site advertising profiles of you. If we enable advertising or measurement pixels in the future, we will honor applicable opt-out signals (including the Global Privacy Control where required by law) as described above.
7. Changes
If we add a non-essential cookie category in the future, we will update this Policy, refresh the cookie banner, and where required by law obtain your consent before activation.
8. Contact
Vertexium Environmental Solutions
Dallas, Texas, United States
privacy@whatsmyesg.com · info@whatsmyesg.com