Legal
Cookie Policy
Effective Date: April 25, 2026 · Last Updated: April 28, 2026
ZhanPlan LLC · Tampa, Florida · support@zhanplan.com
ZhanPlan LLC (“ZhanPlan,” “we,” “us,” or “our”) believes in privacy by design. We have deliberately built ZhanPlan to use the absolute minimum number of cookies necessary to operate the Services. This Cookie Policy explains exactly what cookies and similar tracking technologies we use, why we use them, and how you can control them.
The short version: We use one session cookie to keep you logged in. Our analytics are completely cookieless. We do not use advertising cookies, social media tracking pixels, or any cross-site tracking technology.
1. What Are Cookies?
Cookies are small text files that a website places on your device when you visit. They can store information like session identifiers, preferences, or tracking IDs. Not all “cookies” are traditional browser cookies — the term also encompasses related technologies like localStorage, sessionStorage, web beacons, and device fingerprinting. This policy covers all such technologies. Web browsers allow you to view, manage, and delete cookies through your browser settings.
2. Cookies We Use
ZhanPlan sets only the cookies listed below. We do not set any others.
2.1 Strictly Necessary Cookies
These cookies are required for the Services to function. They cannot be disabled without breaking core functionality (such as staying logged in). They do not track you for advertising purposes.
| Cookie Name | Purpose | Duration | First / Third Party |
|---|---|---|---|
| sb-[project]-auth-token | Keeps you authenticated (logged in) between page loads and browser sessions | Session / up to 1 week (refreshed on activity) | First party (set by Supabase Auth on our domain) |
| sb-[project]-auth-token-code-verifier | PKCE code verifier used during OAuth sign-in flow (Apple/Google SSO) | Session only (deleted after sign-in completes) | First party |
2.2 Functional Storage (Local Storage)
These items are stored in your browser’s localStorage on your device only. They never leave your device and are not transmitted to our servers or any third party.
| Key Name | Purpose | Duration |
|---|---|---|
| mz_cookie_consent | Stores your cookie consent choice (“accepted” or “declined”) so the consent banner does not appear on every visit | Until you clear browser storage |
| PWA / offline cache | Service worker caches static app assets for offline use (PWA functionality). No personal financial data is cached. | Until browser cache is cleared or PWA is uninstalled |
2.3 Analytics — Cookieless (Vercel Analytics)
We use Vercel Analytics to understand how users interact with the Services (e.g., which pages are most visited, what devices are used, session counts). Vercel Analytics is a privacy-first analytics product with the following key properties:
- No cookies — Vercel Analytics does not set any cookies on your device
- No personal data collected — it does not collect your name, email, or any directly identifying information
- No cross-site tracking — it does not track you across other websites or apps
- No advertising profiles — data is never used for targeting advertisements
- Aggregated only — all metrics are reported in aggregate; individual user sessions are not stored or identifiable
- IP anonymization — IP addresses are used only to derive approximate country/region and are immediately discarded
Because Vercel Analytics is cookieless and collects no personal data, it does not require cookie consent under most privacy laws. We include this disclosure for complete transparency.
3. What We Do NOT Use
For complete transparency, here is what ZhanPlan does not use:
- No Google Analytics, Google Tag Manager, or any Google tracking products
- No Meta (Facebook) Pixel or any Meta tracking technology
- No TikTok, Pinterest, Twitter/X, Snapchat, or other social media tracking pixels
- No cross-site behavioral advertising cookies
- No third-party advertising networks
- No retargeting or remarketing cookies
- No heatmap or session recording tools that capture keystrokes or screen recordings
- No third-party chat widgets (other than our own support form)
- No affiliate tracking cookies
4. Third-Party Cookies
The only third-party cookies that may be set when using ZhanPlan come from:
Stripe (Payment Processing). When you visit a checkout page or interact with Stripe’s payment UI, Stripe may set cookies on their own domain (stripe.com) for fraud prevention, security, and to remember your browser for payment risk assessment. These are set by Stripe’s domain, not ZhanPlan’s, and are governed by Stripe’s Cookie Policy at stripe.com/cookie-settings.
Apple / Google Sign-In. If you use “Sign in with Apple” or “Sign in with Google,” those providers may set cookies on their own domains as part of their authentication flow. These are governed by Apple’s and Google’s respective privacy policies.
Plaid Financial LLC (Auto Sync — optional). If you use the optional Auto Sync feature to connect a bank account, Plaid’s Link interface runs in a secure iframe hosted on Plaid’s domain (cdn.plaid.com). During the bank connection flow, Plaid may use sessionStorage and cookies on its own domain for fraud prevention, session management, and security purposes. These are set by Plaid’s domain, not ZhanPlan’s, and are governed by Plaid’s Privacy Policy. Plaid does not set any persistent tracking cookies on the zhanplan.com domain.
ZhanPlan has no control over cookies set by third-party domains and is not responsible for those cookies.
5. Your Cookie Choices
5.1 Cookie Consent Banner
On your first visit to ZhanPlan, we display a cookie consent banner. You may choose “Accept” or “Decline.” Your choice is stored in localStorage. You can change your choice at any time by clearing your browser’s localStorage (see Section 5.3).
5.2 Strictly Necessary Cookies Cannot Be Disabled
The Supabase authentication session cookies are essential for the Services to function. If you decline cookies, these session cookies are still required for authentication. Disabling them through your browser settings will prevent you from staying logged in. You can still use ZhanPlan but will need to log in each visit.
5.3 Browser Settings
You can manage, block, or delete cookies through your browser settings:
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Privacy, search, and services → Cookies
- iOS Safari: Settings → Safari → Advanced → Website Data
- Android Chrome: Chrome menu → Settings → Privacy → Clear browsing data
5.4 Global Privacy Control (GPC)
ZhanPlan honors the Global Privacy Control (GPC) signal. If your browser or browser extension sends a GPC signal (a machine-readable opt-out of sale/sharing of personal data), we treat it as a valid opt-out under California’s CPRA and other applicable laws. You can enable GPC in browsers and extensions such as Firefox, Brave, DuckDuckGo, and the Privacy Badger extension.
5.5 Do Not Track (DNT)
Some browsers offer a “Do Not Track” (DNT) signal. We note that DNT does not have a universally agreed-upon standard and third-party services we use may not respond to DNT signals. Because ZhanPlan already does not use behavioral tracking or advertising cookies, DNT does not change how we process your data. For stronger privacy controls, use the GPC signal (Section 5.4) or browser-level cookie blocking.
6. Cookies and Mobile Apps
When you use ZhanPlan as an installed mobile app (PWA — Progressive Web App), cookies and localStorage function as described above within the app’s web context. If ZhanPlan is distributed as a native app through the Apple App Store or Google Play in the future, mobile app tracking practices may be governed by platform-specific identifiers (such as Apple’s App Tracking Transparency framework). We will update this policy accordingly. ZhanPlan does not use IDFA (iOS Advertising Identifier) or Android Advertising ID for advertising purposes.
7. California Residents — CPRA / CCPA
Under the California Privacy Rights Act (CPRA), California residents have the right to opt out of the “sale” or “sharing” of personal information. ZhanPlan does not sell personal information. To the extent Vercel Analytics processes IP-derived information for aggregate analytics reporting, this might technically qualify as “sharing” under CPRA. You may opt out by: (a) enabling the Global Privacy Control (GPC) signal in your browser; or (b) emailing support@zhanplan.com with the subject “Do Not Share.” See our Privacy Policy Section 14 for full California rights.
8. Changes to This Cookie Policy
We may update this Cookie Policy when we add or remove technologies, or when laws require disclosure updates. We will update the “Last Updated” date above and provide notice through the Services or by email for material changes. Your continued use of the Services after the effective date constitutes acceptance of the updated Cookie Policy.
9. Contact Us
ZhanPlan LLC
Tampa, Florida, United States
Email: support@zhanplan.com
Web: zhanplan.com/cookies
For questions about our cookie practices, your privacy rights, or to submit a Do Not Sell/Share opt-out request, contact us at the email above.