Categories we use
- Essential — required for sign-in, session management, CSRF protection and load balancing. Cannot be disabled without breaking the Platform.
- Preference — remember small UI choices such as dismissed banners and last-used filters.
- Analytics — privacy-respecting product analytics that count visits and feature usage in aggregate. No cross-site tracking, no advertising profiles, no third-party advertising pixels.
Cookies we set
- sb-access-token — Essential — authentication session, expires when you sign out (or after up to 7 days of inactivity).
- sb-refresh-token — Essential — refreshes your session in the background, expires when you sign out.
- ds-consent — Preference — records your cookie-banner choice, 12 months.
- ds-cta — Analytics — anonymous identifier used to attribute call-to-action clicks within a single session, 30 days.
- Stripe (__stripe_mid, __stripe_sid) — set by Stripe on payment surfaces for fraud detection. See stripe.com/privacy.
No advertising cookies
We do not use third-party advertising cookies, retargeting pixels, social-media tracking pixels, or cross-site identity graphs.
Managing cookies
Most browsers let you block or delete cookies via Settings → Privacy. Blocking essential cookies will prevent you from signing in. You can also use private/incognito mode to browse without persisting cookies between sessions.
Do Not Track and Global Privacy Control
Where your browser sends a Do Not Track or Global Privacy Control signal, we treat it as a request to disable non-essential analytics for that browser session.
Contact
Questions about cookies: privacy@dentalshift.io. See also our Privacy Policy at /privacy and Terms at /terms.