EvidenceAtlas
Cookie information
What EvidenceAtlas stores in the browser, and why this notice exists.
EvidenceAtlas uses a small set of necessary cookies for authentication and workspace continuity, a few local-storage values for interface preferences, and optional analytics and performance scripts on the public site.
This page is a practical explanation of the current codebase. It is not legal advice.
Specific cookies and storage items
These are the browser-side items currently used by the app or loaded on the public site.
sb-<project-ref>-auth-token
Keeps signed-in sessions working and allows secure session refresh.
Duration: Persistent. Supabase SSR defaults can keep this for up to 400 days unless configuration changes or the user signs out.
sb-<project-ref>-auth-token.0 and chunked variants
Stores larger auth-session payloads when Supabase splits the session across cookie chunks.
Duration: Matches the auth cookie lifetime.
evidenceatlas_active_workspace
Remembers which workspace is active while a signed-in user moves across workspace and project routes.
Duration: Session cookie.
evidenceatlas.theme-preference
Remembers whether the interface follows light mode, dark mode, or the system preference.
Duration: Until changed or cleared by the user.
evidenceatlas.theme-palette
Remembers the selected color palette used across the dashboard and public site.
Duration: Until changed or cleared by the user.
evidenceatlas.theme-custom-palette
Stores the saved Custom palettes created in the advanced appearance editor.
Duration: Until changed or cleared by the user.
evidenceatlas.theme-random-palette
Stores the latest generated Random palette so it can be reapplied across refreshes.
Duration: Until changed or cleared by the user.
evidenceatlas.sidebar-mode
Remembers whether the sidebar is expanded, collapsed, or hover-to-expand.
Duration: Until changed or cleared by the user.
evidenceatlas.quickCapture.lastSourceByProject
Remembers the last source used in quick capture for each project.
Duration: Until changed or cleared by the user.
@vercel/analytics
Measures site usage on the public site. In Vercel's documentation, Web Analytics is described as not using cookies and using a short-lived request-derived identifier instead.
Duration: Loaded only after front-page consent is accepted.
@vercel/speed-insights
Collects Web Vitals and route-level performance measurements for the public site.
Duration: Loaded only after front-page consent is accepted.
Cookie preferences
Review the current consent choice and update whether optional analytics can run on the public site.
Current consent
The banner will keep showing until you save a cookie preference.
Necessary cookies and storage
Required for sign-in, workspace continuity, and interface preferences.
Controls Vercel Analytics and Speed Insights on the public site.
Stored in evidenceatlas_cookie_consent.
Save after changing the switch to update your preference.
Why the banner appears
The short version of the policy logic behind it.
Necessary vs non-essential
Necessary cookies can run because the app depends on them for sign-in and workspace continuity. Analytics and performance tooling are treated as optional on the public landing page, so they wait for a positive choice.
Current implementation
The front-page consent choice is stored once in theevidenceatlas_cookie_consentcookie. If consent is accepted, the public site loads Vercel Analytics and Speed Insights. If the visitor chooses only necessary storage, those scripts stay off.
EU / EEA
The GDPR and ePrivacy-style cookie rules generally require clear disclosure and prior consent before non-essential cookies or trackers run.
UK
UK GDPR and PECR apply the same basic pattern: necessary cookies can run, but analytics and similar non-essential technologies usually need informed consent first.
California
CCPA / CPRA focuses on notice, disclosure, and opt-out rights around personal information practices. Cookie disclosures still matter even when consent is handled differently from the EU or UK.
Official references
These sources informed the summary on this page.
This page matches the current repository implementation as of March 15, 2026. If new third-party scripts, analytics providers, or browser storage keys are introduced later, this page should be updated at the same time.