Cookie &
Tracking Notice
Contents
3. Cross-Origin Loads on Every Page, Including This One
4. Correcting an Earlier Claim
5. The Legal Framework: ePrivacy Directive & UK PECR
1. What This Notice Covers
This notice covers VLStudio Web at vlstudio.live: what it stores on your device (in your browser's local storage and session storage) and what it loads from other domains every time a page renders, including legal pages like this one. It does not cover the VLStudio Desktop application, which does not run in a browser and is covered instead by our Privacy Policy.
VLStudio Web does not set traditional HTTP cookies for tracking or advertising purposes. That is a narrower claim than "we do not track you", and this notice explains why: browser storage and cross-origin script loading are, in substance, the same category of concern that cookie law was written to address, and they are present on this site today.
2. Client-Side Storage We Use
The table below is a full inventory of what VLStudio Web writes to your browser. Nothing in this table is a third-party advertising cookie.
| Item | Storage type | Purpose | Lifespan |
|---|---|---|---|
| Supabase auth session token | Local storage | Keeps you signed in between visits and authenticates your requests to our backend | Until you sign out or the session expires |
| PKCE state / nonce value | Session storage | A one-time value used only during the OAuth sign-in handshake, to confirm the sign-in response matches the request that started it | Cleared once sign-in completes or the tab closes |
| Per-user UI preference keys | Local storage | Remembers interface choices tied to your account, for example layout or dashboard view preferences | Until you clear it or it is overwritten |
None of this storage is used to build an advertising profile of you, and none of it is shared with an ad network. It exists to make the site function for a signed-in user.
3. Cross-Origin Loads on Every Page, Including This One
Separately from what we store, every page of VLStudio Web, including this Cookie & Tracking Notice and our other legal pages, currently loads resources directly from other companies' servers as part of rendering the page. This is a real transfer of information (at minimum your IP address and browser details) to those companies on every page view, whether or not you are signed in and whether or not a cookie is involved.
- Google Fonts, loaded from fonts.googleapis.com and fonts.gstatic.com on every page. Loading a font this way sends your IP address to Google at the moment the page renders, before you interact with anything on the page.
- Stripe.js, loaded globally on every page load, not only on checkout or billing pages, so that billing functionality is available wherever it is needed. This sends information to Stripe's servers on pages that have nothing to do with payment.
- Other CDN-hosted scripts used by the site's front end, which are loaded the same way and carry the same cross-origin transfer characteristics as the two items above.
4. Correcting an Earlier Claim
An earlier version of our privacy documentation stated that this site does not use third-party tracking. That statement did not account for the Google Fonts and Stripe.js loads described in Section 3. We are correcting it here: those loads are a form of third-party data transmission, even though they do not involve a traditional tracking cookie and even though neither Google Fonts nor Stripe.js is deployed here for advertising purposes. Going forward, this notice, not the earlier "no third-party tracking" language, states our accurate position.
5. The Legal Framework: ePrivacy Directive & UK PECR
The EU ePrivacy Directive (as implemented in Spain and other member states) and the UK Privacy and Electronic Communications Regulations (PECR) both regulate storing information on, or reading information from, a user's device. That rule is not limited to cookies by name: it covers local storage, session storage, and any comparable client-side mechanism, and by extension it is the same policy concern engaged when a page pulls in a cross-origin resource as part of loading.
Under this framework, storing or reading device information generally requires either the user's informed consent or falls within a narrow "strictly necessary" exemption (for example, a session token needed to keep you logged in for a service you asked for). Items in Section 2 that are strictly necessary to sign-in and session continuity, the auth token and the PKCE nonce, can likely rely on that exemption. The Google Fonts and Stripe.js loads described in Section 3 are harder to justify as strictly necessary on every page, including pages, like this one, that have nothing to do with payment or checkout, and are the clearest candidates for requiring consent or removal once a consent mechanism exists.
6. No Consent Banner Yet: What You Can Do Today
Until a consent tool ships, here is what you can do at the browser level to reduce these loads:
- Use a browser extension or built-in setting that blocks third-party font and script loading (most modern browsers and ad-blocking extensions can do this).
- Use your browser's tracking-protection or "strict" privacy mode, which typically blocks or isolates cross-origin requests like the Google Fonts and Stripe.js loads described above.
- Clear local storage and session storage for vlstudio.live from your browser's site-data settings at any time; this will sign you out and require you to sign in again.
- Use private/incognito browsing if you do not want the auth token or UI preference keys to persist between sessions.
None of these browser-level steps require our involvement, and none of them will break core site functionality other than requiring you to sign in again if you clear storage.
7. What We Do Not Use
VLStudio Web does not run third-party advertising trackers, does not use cookies to build cross-site advertising profiles, and does not sell browsing data to data brokers or ad networks. The gap described in this notice is about non-essential technical loads (fonts, payment scripting) and the absence of a consent mechanism for them, not about hidden advertising tracking.
8. Changes to This Notice
We will update this notice as the underlying technical facts change, in particular once Google Fonts is self-hosted and once a real consent-management mechanism ships. See our Terms Versioning Policy for how material changes to any VLStudio legal document are announced.
9. Contact
Questions about this notice or about the storage and cross-origin loads it describes:
- Email: [[CONTACT_EMAIL_PRIVACY]], interim address: vlstudiopartners@hotmail.com
- Postal: Vladyslav Zhminko, Carrer de Valencia 191, 6.1, 08011, Barcelona, Spain
- Related: our Privacy Policy, Section 13 summarizes this notice; this page is the full detail.
VLSTUDIO
← Back to site