Cookies Policy
Version 1
Effective Date: May 3, 2026
centerleap — Cookies Policy
Effective date: May 3, 2026 Last updated: May 3, 2026
This Cookies Policy explains how GENERAL SOFTWARE COMPANY LLC, doing business as centerleap.com, uses cookies and similar technologies on our marketing site (centerleap.com) and web application (app.centerleap.com). It supplements our Privacy Policy at centerleap.com/legal/privacy.
We are committed to transparency and minimal data collection. We do not use cookies or similar technologies for analytics, advertising, retargeting, cross-site tracking, or social-media integration.
1. What are cookies and similar technologies?
Cookies are small text files placed on your device by websites. We also use related browser technologies:
- localStorage and sessionStorage — browser storage for user preferences and interface state.
- IndexedDB — encrypted local data such as your PGP vault and email cache.
These technologies help us deliver the Services you request.
2. Cookies and storage we use
2.1 Strictly necessary
Required for basic functionality, security, and delivering the service you requested. No consent is required for these under EU ePrivacy / UK PECR.
| Name / pattern | Set by | Purpose | Duration |
|---|---|---|---|
sb-<project-ref>-auth-token | Supabase | Maintains your authenticated session | Session, auto-refreshed |
cl_org_id | centerleap | Remembers your active organization / workspace across pages | 365 days |
cl-vault-tab-id (sessionStorage) | centerleap | Prevents vault-key leaks across browser tabs | Until tab closes |
__cf_bm, __cf_chl_* | Cloudflare | Bot detection and security challenges | ~30 minutes |
2.2 Functional / preferences
Remember choices you make while using the app (e.g., audio-device selection, table column widths). They do not track you across sites and contain no personal information.
Examples (stored in localStorage or sessionStorage):
- Last selected email account(s)
- Data-table column widths
- Softphone keytone mute state
- Selected microphone and speaker devices
- Vault view mode (list vs. grid)
- Compose-modal size
- Device session continuity for re-auth flows
3. What we do not use
- No analytics or performance cookies.
- No advertising or targeting cookies.
- No social-media plugins or login widgets.
- No cross-site tracking or fingerprinting.
- No session replay or behavioral-tracking tools.
If we ever enable Cloudflare Web Analytics on our sites, it remains cookieless and uses first-party events only. Turning it on would not change this policy.
4. Other technologies
- IndexedDB. Stores your encrypted PGP vault (
cl-vault-v1) and a local decrypted-mail cache (populated only after you unlock the vault). All of this data stays on your device and is cleared when you sign out. - Error monitoring (Sentry). When error monitoring is enabled, uncaught client errors are reported to Sentry. Reports are scrubbed of sensitive fields (passwords, private keys, recovery material) before they leave the browser, and Sentry does not set tracking cookies on our domains.
- Functional API connections (Supabase, Telnyx, Deepgram, LiveKit, and others listed in our Subprocessor list). These load only on the screens that need them and are required for features to work.
Our mobile apps follow platform-specific tracking-transparency rules (Apple App Tracking Transparency and Google Play Data Safety). We do not engage in cross-app or cross-website tracking.
5. How to manage or delete cookies and storage
- Most browsers let you block or delete cookies via Settings.
- You can clear localStorage, sessionStorage, and IndexedDB through browser developer tools or site-data settings.
- Signing out of your centerleap account clears most session data.
- For full deletion, use the in-product account-deletion flow or contact
privacy@generalsoftwarecompany.com.
Blocking strictly-necessary cookies may prevent you from using core features.
6. Changes to this Cookies Policy
We may update this policy from time to time. Material changes will be notified by email or in-product notice. Continued use of the Services after the effective date constitutes acceptance.
7. Contact us
Questions about this policy? Email privacy@generalsoftwarecompany.com.
Full details on all data practices are in our Privacy Policy at centerleap.com/legal/privacy. For the list of third parties we engage, see our Subprocessor List at centerleap.com/legal/subprocessors.