Cookie Policy
This page explains the cookies Instiy uses and why they are required. We currently use cookies for authentication, account security, and core product functionality.
How cookies are used
The cookies listed below help us keep your account secure, maintain your sign-in state, complete two-factor authentication, and protect state-changing requests with CSRF checks. Without these cookies, critical features like login, checkout completion, and protected dashboard actions will not work correctly.
Cookies we set
| Cookie | Purpose | Duration | Category |
|---|---|---|---|
| auth-token | Keeps you signed in to your Instiy account. | 24 hours | Essential authentication |
| pending-2fa-token | Temporarily stores login progress while two-factor verification is pending. | 5 minutes | Essential security |
| user_2fa_verified, admin_2fa_verified, moderator_2fa_verified | Confirms a successful two-factor verification step for protected areas. | 24 hours | Essential security |
| csrf-token | Protects form and API requests against cross-site request forgery attacks. | 8 hours | Essential security |
| sb-*-auth-token, sb-*-code-verifier | Supports Supabase sessions and secure OAuth sign-in completion. | Session or provider-defined | Essential authentication |
| instiy_cookie_consent | Stores your cookie acceptance preference so we do not ask every page load. | 1 year | Essential preference |
Third-party services
Some flows rely on external providers (for example, payment or OAuth sign-in providers). Those providers can set their own cookies on their domains under their own policies.
Managing cookies
You can clear cookies from your browser settings. If you clear essential cookies, you may be signed out and some secure features may stop working until you sign in again and re-verify your session.