EvidenceAtlas
Cookie information
What EvidenceAtlas stores in the browser, and why this notice exists.
EvidenceAtlas uses a small set of necessary cookies for authentication and workspace continuity, a few local-storage values for interface preferences, and optional analytics and performance scripts on the public site.
This page is a practical explanation of the current codebase. It is not legal advice.
Specific cookies and storage items
These are the browser-side items currently used by the app or loaded on the public site.
sb-<project-ref>-auth-token
Keeps signed-in sessions working and allows secure session refresh.
Duration: Persistent. Supabase SSR defaults can keep this for up to 400 days unless configuration changes or the user signs out.
sb-<project-ref>-auth-token.0 and chunked variants
Stores larger auth-session payloads when Supabase splits the session across cookie chunks.
Duration: Matches the auth cookie lifetime.
evidenceatlas_active_workspace
Remembers which workspace is active while a signed-in user moves across workspace and project routes.
Duration: Session cookie.
evidenceatlas.theme-preference
Remembers the selected theme: light, dark, or system.
Duration: Until changed or cleared by the user.
evidenceatlas.sidebar-mode
Remembers whether the sidebar is expanded, collapsed, or hover-to-expand.
Duration: Until changed or cleared by the user.
evidenceatlas.quickCapture.lastSourceByProject
Remembers the last source used in quick capture for each project.
Duration: Until changed or cleared by the user.
@vercel/analytics
Measures site usage on the public site. In Vercel's documentation, Web Analytics is described as not using cookies and using a short-lived request-derived identifier instead.
Duration: Loaded only after front-page consent is accepted.
@vercel/speed-insights
Collects Web Vitals and route-level performance measurements for the public site.
Duration: Loaded only after front-page consent is accepted.
Why the banner appears
The short version of the policy logic behind it.
Necessary vs non-essential
Necessary cookies can run because the app depends on them for sign-in and workspace continuity. Analytics and performance tooling are treated as optional on the public landing page, so they wait for a positive choice.
Current implementation
The front-page consent choice is stored once in an `evidenceatlas_cookie_consent` cookie. If consent is accepted, the public site loads Vercel Analytics and Speed Insights. If the visitor chooses only necessary storage, those scripts stay off.
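The gating rule above can be checked from outside the app. This added example (not EvidenceAtlas code) audits a Cookie header against the cookie names listed on this page and fails closed on consent. The consent value "accepted" and the lowercase-alphanumeric shape of <project-ref> are assumptions.

```javascript
// Added example: audit a Cookie header against the inventory on this page.
// Assumptions (not stated on the page): the consent cookie holds "accepted"
// after opt-in, and <project-ref> is lowercase alphanumeric.
const CONSENT_COOKIE = "evidenceatlas_cookie_consent";
const ACCEPTED_VALUE = "accepted"; // assumed value
const COOKIE_INVENTORY = [
  // Matches the base auth cookie and its chunked variants (.0, .1, ...).
  { pattern: /^sb-[a-z0-9]+-auth-token(\.\d+)?$/, category: "necessary" },
  { pattern: /^evidenceatlas_active_workspace$/, category: "necessary" },
  { pattern: /^evidenceatlas_cookie_consent$/, category: "consent" },
];

// Split "a=1; b=2" into [name, value] pairs. Values may contain "=";
// a part without "=" is kept as a name with an empty value.
function parseCookieHeader(header) {
  return header
    .split(";")
    .map((part) => part.trim())
    .filter((part) => part.length > 0)
    .map((part) => {
      const eq = part.indexOf("=");
      return eq === -1 ? [part, ""] : [part.slice(0, eq), part.slice(eq + 1)];
    });
}

// Classify every cookie and decide whether optional scripts may load.
function auditCookies(header) {
  const report = { necessary: [], consent: [], undocumented: [] };
  const consentValues = [];
  for (const [name, value] of parseCookieHeader(header)) {
    const entry = COOKIE_INVENTORY.find((item) => item.pattern.test(name));
    if (!entry) {
      report.undocumented.push(name); // not in the notice: needs review
      continue;
    }
    report[entry.category].push(name);
    if (name === CONSENT_COOKIE) consentValues.push(value);
  }
  // Fail closed: no consent cookie, or any conflicting duplicate, means off.
  report.optionalScriptsAllowed =
    consentValues.length > 0 && consentValues.every((v) => v === ACCEPTED_VALUE);
  return report;
}

// Constructed sample headers (not captured from a real session).
const SAMPLE_NO_CHOICE =
  "sb-abc123-auth-token.0=part0; sb-abc123-auth-token.1=part1; evidenceatlas_active_workspace=ws_1";
const SAMPLE_ACCEPTED = "evidenceatlas_cookie_consent=accepted; example_tracker=1";
```

Any name reported under `undocumented` is either a cookie this notice does not yet list or one set by something outside the app.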
EU / EEA
The GDPR and ePrivacy-style cookie rules generally require clear disclosure and prior consent before non-essential cookies or trackers run.
UK
UK GDPR and PECR apply the same basic pattern: necessary cookies can run, but analytics and similar non-essential technologies usually need informed consent first.
California
CCPA / CPRA focuses on notice, disclosure, and opt-out rights around personal information practices. Cookie disclosures still matter even when consent is handled differently from the EU or UK.
Official references
These sources informed the summary on this page.
This page matches the current repository implementation as of March 11, 2026. If new third-party scripts, analytics providers, or browser storage keys are introduced later, this page should be updated at the same time.