How we use cookies
We use cookies for three purposes only:
- Authentication & security — keeping you signed in securely across requests and protecting against cross-site request forgery (CSRF).
- Preferences — remembering settings you've chosen, such as your timezone, language, or dark/light theme, so they persist between sessions.
- Product analytics — measuring aggregate, anonymised usage patterns (which features are used, where errors occur) so we can prioritise what to fix and build next. We never build individual profiles from analytics data.
We do not use cookies for advertising, retargeting, or behavioural profiling. We do not sell cookie-derived data. We do not share it with ad networks or data brokers.
Essential cookies
These cookies are required for the service to work. Without them you cannot sign in or use the product. They cannot be disabled via the cookie banner — though you can always delete them from your browser.
| Cookie name | Purpose | Duration |
|---|---|---|
sb-access-token | Supabase authentication session token (httpOnly, Secure) | 1 hour (auto-refreshed) |
sb-refresh-token | Renews the access token when it expires (httpOnly, Secure) | 60 days |
__Host-csrf | Cross-site request forgery protection token | Session |
vs_consent | Stores your cookie consent choices | 12 months |
The session tokens are set as httpOnly and Secure, meaning they are inaccessible to JavaScript and transmitted only over HTTPS, which protects against common session hijacking attacks.
Functional cookies
Functional cookies remember your preferences so the product behaves the way you expect on your next visit. Declining them will not prevent you from using PrimeBase — it just means preferences will reset each session.
| Cookie / storage key | Purpose | Duration |
|---|---|---|
vs_theme | Your chosen colour theme (light / dark / system) | 12 months |
vs_locale | Your chosen language / locale override | 12 months |
vs_tz | Timezone used for date display when different from device | 12 months |
localStorage: vs_sidebar | Sidebar collapsed / expanded state | Until cleared |
localStorage: vs_cols_* | Per-table column visibility and ordering | Until cleared |
Analytics cookies
We use a self-hosted analytics solution to understand how the product is used in aggregate. This helps us prioritise bug fixes and feature work. Analytics cookies are only set after you grant consent.
| Cookie name | Purpose | Duration |
|---|---|---|
vs_anon_id | Anonymised session identifier — no link to your account | 12 months |
vs_session | Groups page views within a single visit | Session |
Analytics events are aggregated and de-identified before any analysis. We do not build individual usage profiles, and analytics data is never shared with third parties or used to personalise advertising.
Our analytics run on our own infrastructure — data does not flow to Google Analytics, Mixpanel, Amplitude, or any other third-party analytics vendor. This means your usage data never leaves our control.
Third-party cookies
We do not load third-party tracking scripts, social sharing buttons, or embedded advertising widgets — the most common sources of third-party cookies on commercial sites. As a result, VividSphere's marketing site and product UI set only first-party cookies from the domains vividsphere.co, vividsphere.io, and primebase.io.
There is one narrow exception: if you connect a third-party integration such as Google Calendar or Gmail, the OAuth flow will redirect you to Google's own domain, where Google may set its own cookies under its own privacy policy. We have no control over or access to those cookies.
We have never loaded a Facebook Pixel, Google Ads conversion tag, LinkedIn Insight Tag, or any equivalent retargeting script. This is a deliberate product decision, not an oversight.
Cookie consent
When you first visit our site or sign in, a cookie banner gives you the choice to accept or decline non-essential cookies (functional and analytics). Your choice is stored in the vs_consent cookie and respected on every subsequent visit.
Essential cookies are set regardless of your choice — they are required for the service to work. You can change your preferences at any time:
- On our marketing site — click the "Cookie preferences" link in the page footer.
- Inside PrimeBase — go to Settings → Privacy → Cookie preferences.
- In Pocket CRM — go to Profile → Privacy settings.
For users in the EU/EEA and UK, we comply with the requirements of the ePrivacy Directive and UK PECR. Consent is always freely given, specific, informed, and unambiguous — declining is as easy as accepting.
Managing your cookies
In addition to our in-product controls, you can manage or delete cookies directly from your browser. Here are links to instructions for the major browsers:
- Chrome — Settings → Privacy and security → Cookies and other site data
- Safari — Settings → Privacy → Manage Website Data
- Firefox — Settings → Privacy & Security → Cookies and Site Data
- Edge — Settings → Cookies and site permissions → Manage and delete cookies
Deleting your browser cookies will sign you out of PrimeBase and reset your cookie consent choice. You'll be shown the consent banner again on your next visit.
Blocking all cookies will prevent PrimeBase from functioning. If you need to use the product with strict browser restrictions, contact us — we can advise on the minimum set of exceptions required.
Do Not Track
Some browsers send a "Do Not Track" (DNT) signal to sites. Because we do not engage in the cross-site tracking that DNT is designed to prevent, we do not alter our behaviour based on DNT signals — our default behaviour already meets the intent of DNT.
We do respond to the Global Privacy Control (GPC) signal. If your browser sends a GPC signal, we treat it as a preference to decline analytics cookies and will not set them, equivalent to declining via the cookie banner.
Changes to this policy
If we add new cookie categories or materially change how we use existing cookies, we will update this policy and the "Last updated" date at the top. Material changes will be announced via the cookie banner so you can review and re-confirm your preferences.
Non-material changes — such as adding a new cookie within an existing category, correcting a typo, or clarifying wording without changing meaning — will be made without a formal notice, but the date will always reflect the most recent revision.
Contact us
Questions about this policy or our use of cookies can be sent to our privacy team:
- Email · contact@vividsphere.co
- Postal address · VividSphere LLP, L-148, 5th Main Road, Sector 6, HSR Layout, Bangalore South, Bangalore - 560102, Karnataka, India
We aim to respond within one business day. You can also update your cookie preferences at any time without contacting us — see §8 above.