SpotHOA
Get started
← Home

cookie policy

Last updated April 23, 2026

SpotHOA only uses strictly-necessary cookies (Stytch session, CSRF, Turnstile) plus a few functional local-storage items (theme, dismissed banners). No analytics, no advertising, no third-party tracking. You can clear or block cookies at any time in your browser settings.

01 What cookies are

Cookies are small pieces of data a website stores in your browser. They help the site remember who you are between page loads so you don't have to sign in again every time. Related technologies (local storage, session storage, service worker caches) behave similarly and are covered by this policy.

02 Strictly necessary cookies

These are required for the service to work. You can't opt out of them; if you block them, parts of SpotHOA will stop functioning.

  • Stytch session cookie — keeps you signed in. Set by Stytch, our authentication provider. Required for every authenticated page load.
  • CSRF cookie — protects against cross-site request forgery on form submissions.
  • Cloudflare Turnstile — temporary challenge token on public forms (signups, feedback, newsletter) so we can tell humans from bots without tracking you.

03 Functional cookies and local storage

These improve the experience but aren't strictly required. We use local or session storage instead of cookies for most of these.

  • Theme preference — if you pick a light/dark mode preference, we store it in local storage so the next visit remembers.
  • Dismissed banners — once you dismiss the mobile install banner or narrow-viewport tip, we store the dismissal in local storage so it doesn't reappear.
  • Draft-notice banner (this set of legal pages) — dismissal is stored in session storage and expires when you close the browser.

04 What we don't use

SpotHOA does not set:

  • Analytics cookies (no Google Analytics, no Mixpanel, no first-party analytics).
  • Advertising, retargeting, or conversion-tracking cookies.
  • Third-party social-media cookies (no Facebook pixel, no Twitter pixel).

The only exception is email delivery: open and link-click tracking in transactional emails goes through Resend, and uses a one-pixel image and signed link redirects for that specific email. Unsubscribe kills the tracking for that recipient.

05 How to clear or block cookies

All modern browsers let you inspect, clear, or block cookies per site. The shortcuts below are the common ones (menus change over time):

  • Chrome: Settings → Privacy and security → Cookies and other site data.
  • Safari: Settings → Privacy → Manage Website Data.
  • Firefox: Settings → Privacy & Security → Cookies and Site Data.
  • Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data.

If you block the Stytch session cookie, you'll be signed out. If you block Turnstile, public forms will fail their bot check. Everything else is optional.