VLSTUDIO ← Back to site
// Legal

Cookie &
Tracking Notice

Last updated: July 1, 2026  ·  Effective: July 1, 2026
// This notice lists every piece of information VLStudio Web stores on your device and every cross-origin request the site makes when a page loads, including on this page. There is no cookie-consent banner yet. Section 6 explains what you can do about that today.

Contents

1. What This Notice Covers

2. Client-Side Storage We Use

3. Cross-Origin Loads on Every Page, Including This One

4. Correcting an Earlier Claim

5. The Legal Framework: ePrivacy Directive & UK PECR

6. No Consent Banner Yet: What You Can Do Today

7. What We Do Not Use

8. Changes to This Notice

9. Contact

1. What This Notice Covers

This notice covers VLStudio Web at vlstudio.live: what it stores on your device (in your browser's local storage and session storage) and what it loads from other domains every time a page renders, including legal pages like this one. It does not cover the VLStudio Desktop application, which does not run in a browser and is covered instead by our Privacy Policy.

VLStudio Web does not set traditional HTTP cookies for tracking or advertising purposes. That is a narrower claim than "we do not track you", and this notice explains why: browser storage and cross-origin script loading are, in substance, the same category of concern that cookie law was written to address, and they are present on this site today.

2. Client-Side Storage We Use

The table below is a full inventory of what VLStudio Web writes to your browser. Nothing in this table is a third-party advertising cookie.

ItemStorage typePurposeLifespan
Supabase auth session tokenLocal storageKeeps you signed in between visits and authenticates your requests to our backendUntil you sign out or the session expires
PKCE state / nonce valueSession storageA one-time value used only during the OAuth sign-in handshake, to confirm the sign-in response matches the request that started itCleared once sign-in completes or the tab closes
Per-user UI preference keysLocal storageRemembers interface choices tied to your account, for example layout or dashboard view preferencesUntil you clear it or it is overwritten

None of this storage is used to build an advertising profile of you, and none of it is shared with an ad network. It exists to make the site function for a signed-in user.

3. Cross-Origin Loads on Every Page, Including This One

Separately from what we store, every page of VLStudio Web, including this Cookie & Tracking Notice and our other legal pages, currently loads resources directly from other companies' servers as part of rendering the page. This is a real transfer of information (at minimum your IP address and browser details) to those companies on every page view, whether or not you are signed in and whether or not a cookie is involved.

This means Google and Stripe receive a request from your browser on every page of this site, including this legal page, whether or not you ever sign in, subscribe, or make a purchase. That is a data transfer, and we say so plainly rather than describing this site as free of third-party loads.

4. Correcting an Earlier Claim

An earlier version of our privacy documentation stated that this site does not use third-party tracking. That statement did not account for the Google Fonts and Stripe.js loads described in Section 3. We are correcting it here: those loads are a form of third-party data transmission, even though they do not involve a traditional tracking cookie and even though neither Google Fonts nor Stripe.js is deployed here for advertising purposes. Going forward, this notice, not the earlier "no third-party tracking" language, states our accurate position.

5. The Legal Framework: ePrivacy Directive & UK PECR

The EU ePrivacy Directive (as implemented in Spain and other member states) and the UK Privacy and Electronic Communications Regulations (PECR) both regulate storing information on, or reading information from, a user's device. That rule is not limited to cookies by name: it covers local storage, session storage, and any comparable client-side mechanism, and by extension it is the same policy concern engaged when a page pulls in a cross-origin resource as part of loading.

Under this framework, storing or reading device information generally requires either the user's informed consent or falls within a narrow "strictly necessary" exemption (for example, a session token needed to keep you logged in for a service you asked for). Items in Section 2 that are strictly necessary to sign-in and session continuity, the auth token and the PKCE nonce, can likely rely on that exemption. The Google Fonts and Stripe.js loads described in Section 3 are harder to justify as strictly necessary on every page, including pages, like this one, that have nothing to do with payment or checkout, and are the clearest candidates for requiring consent or removal once a consent mechanism exists.

6. No Consent Banner Yet: What You Can Do Today

A proper consent-management mechanism (a banner that lets you accept or reject non-essential storage and cross-origin loads before they happen) does not exist on VLStudio Web today. This is a gap, not a design choice, and we are treating self-hosting Google Fonts as a priority fix precisely because that load currently runs on the legal pages themselves, including this one, where visitors are least likely to expect a third-party transfer.

Until a consent tool ships, here is what you can do at the browser level to reduce these loads:

None of these browser-level steps require our involvement, and none of them will break core site functionality other than requiring you to sign in again if you clear storage.

7. What We Do Not Use

VLStudio Web does not run third-party advertising trackers, does not use cookies to build cross-site advertising profiles, and does not sell browsing data to data brokers or ad networks. The gap described in this notice is about non-essential technical loads (fonts, payment scripting) and the absence of a consent mechanism for them, not about hidden advertising tracking.

8. Changes to This Notice

We will update this notice as the underlying technical facts change, in particular once Google Fonts is self-hosted and once a real consent-management mechanism ships. See our Terms Versioning Policy for how material changes to any VLStudio legal document are announced.

9. Contact

Questions about this notice or about the storage and cross-origin loads it describes: