1. What are cookies?
Cookies are small text files stored on your device by your browser when you visit a website. They allow the site to remember information about your visit (like whether you're logged in) so you don't have to re-enter it every time.
Similar technologies (local storage, session storage) work differently under the hood but serve analogous purposes. This policy covers all of them.
2. Cookies we use
2.1 Strictly necessary cookies
These cookies are required for the Service to function. You cannot opt out of them without also opting out of the Service itself.
| Name | Purpose | Duration |
|---|---|---|
sb-access-token | Supabase authentication session. Keeps you signed in. | 1 hour (auto-refreshed) |
sb-refresh-token | Used to silently refresh your access token without re-authentication. | 60 days |
omako-csrf | Cross-site request forgery protection for form submissions. | Session |
2.2 Preference cookies
These cookies remember choices you make so we don't ask again. They are set only after you interact with the relevant feature.
| Name | Purpose | Duration |
|---|---|---|
omako-cookie-consent | Stores whether you have acknowledged this cookie policy. | 1 year |
omako-theme | Stores your preferred UI colour scheme (when theme switching is available). | 1 year |
2.3 What we do not use
- Advertising cookies: we run no ad networks and set no targeting cookies.
- Cross-site tracking: we do not embed third-party pixels that track your behaviour outside Omako.
- Google Analytics or similar: we measure usage through server-side logs only, not client-side analytics scripts.
3. Third-party cookies
Some third-party services we integrate may set their own cookies. Where we have control, we configure them to minimise data collection. The services most likely to set cookies are:
- Razorpay: payment provider. May set session cookies during checkout to prevent fraud. Razorpay's own cookie policy governs their data use.
- Supabase: authentication and database. Authentication tokens are set as described in section 2.1.
We do not embed social media widgets, YouTube iframes, or other third-party content that routinely sets tracking cookies.
4. How to control cookies
You can manage cookies through your browser settings. Most browsers let you:
- See all cookies set on a domain
- Delete individual cookies or all cookies
- Block cookies from specific domains or all third parties
- Be notified before a cookie is set
Note that blocking strictly necessary cookies (section 2.1) will prevent you from staying logged in to Omako. The Service will still load but you will need to authenticate on every visit.
Browser-specific instructions:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Settings → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
5. Do Not Track
Some browsers send a "Do Not Track" (DNT) signal. Because we do not use cross-site tracking, our behaviour does not change based on the DNT signal, and you are also not being tracked regardless of whether you send it.
6. Changes to this policy
If we introduce new cookies (for example, when we launch a new feature) we will update this policy and display a notice in the product at least 7 days before the change takes effect.
This policy was last updated on 22 May 2026. We will always keep a dated version here.
7. Contact
Questions about how we use cookies? Write to privacy@omako.app. We respond within 48 hours.
Questions about this document? Write to us at privacy@omako.app and a real person will respond.