Cookie Policy
Effective Date: April 20, 2026 · Version 1.0
This Cookie Policy explains how GalaDesk — a product operated by Printmods, a sole proprietorship based in Pennsylvania, United States — uses cookies and similar technologies (like local storage) on galadesk.com. It sits alongside our Privacy Policy and Terms of Service, and explains in plain English what we store on your device and why.
A cookie is a small text file that a website places on your device so it can remember things between visits — like whether you're signed in, what theme you prefer, or whether you've already seen our cookie banner. Local storage works similarly but is managed by the browser rather than sent back to a server with every request. We use both, and this policy covers both.
This policy is written for event pros — the business owners and operators who subscribe to GalaDesk — as well as their team members, contractors, and clients who may interact with the platform.
1. What We Use Cookies For
We keep our use of cookies intentionally small. In short, we use them to:
- Keep you signed in — authentication session cookies so you don't have to re-enter your password on every page.
- Remember your preferences — like your chosen color theme (light or dark) and whether you've already responded to the cookie banner.
- Understand how the product is used — aggregated, pseudonymous analytics via Google Analytics 4, so we can improve GalaDesk.
- Prevent payment fraud — Stripe cookies set when you load a checkout page, used to detect suspicious activity.
We do not use cookies for advertising. We do not run ad networks on the product, we do not sell your data to third parties, and we do not share data for cross-context behavioral advertising.
2. Cookies and Similar Technologies We Use
The table below lists the cookies and local-storage items used by GalaDesk. Durations are approximate and may vary slightly based on your browser and how you use the service.
| Name | Purpose | Category | Party | Duration |
|---|---|---|---|---|
sb-<project>-auth-token | Keeps you signed in to your GalaDesk account (Supabase Auth session). | Strictly necessary | First-party | Up to 1 year (refreshed on use) |
sb-<project>-auth-token-code-verifier | Used during the PKCE login flow to verify the authentication exchange. | Strictly necessary | First-party | Session (deleted after login completes) |
gd_session_activity | Tracks last session activity timestamp so we can throttle background checks and keep your session warm. | Strictly necessary | First-party | 24 hours |
owner_session | Elevated privilege indicator for the internal owner/admin portal. Only set if you access the admin area. | Strictly necessary | First-party | 8 hours |
owner_mfa_factor | Short-lived multi-factor authentication state during the owner portal MFA flow. | Strictly necessary | First-party | 10 minutes |
cookie-consent (local storage) | Remembers whether you accepted or declined the cookie banner so we don't show it again on every visit. | Functional | First-party | Persistent (until cleared by you) |
galadesk-theme (local storage) | Stores your selected color theme (light, dark, or system). | Functional | First-party | Persistent (until cleared by you) |
_ga | Google Analytics 4 — distinguishes unique users (pseudonymous) to measure product usage. | Analytics | Third-party (Google) | 2 years |
_ga_<container-id> | Google Analytics 4 — persists session state for the specific GA4 property. | Analytics | Third-party (Google) | 2 years |
__stripe_mid | Stripe fraud prevention — a persistent merchant/device identifier set on checkout pages. | Strictly necessary (payment) | First-party (set by Stripe script) | 1 year |
__stripe_sid | Stripe fraud prevention — a per-session identifier used during checkout. | Strictly necessary (payment) | First-party (set by Stripe script) | 30 minutes |
Cookie names prefixed with sb- include your Supabase project reference in the middle. The exact name you'll see in your browser's developer tools looks something like sb-abcd1234-auth-token. We do not consider these identifiers sensitive on their own — they serve the same role as any other session-identifier cookie.
3. Cookie Categories, Explained
3.1 Strictly Necessary
These cookies are required for GalaDesk to function. Without them, you can't sign in, stay signed in, or complete payment. They do not require consent under the EU ePrivacy Directive because they are essential to deliver the service you explicitly requested. You cannot opt out of strictly necessary cookies while using the service; blocking them in your browser will break the product.
3.2 Functional
Functional cookies (and local-storage items) remember preferences that make the product more pleasant to use — like your theme choice or your response to the cookie banner. They are set only when you actively use a preference (e.g., switching to dark mode). You can clear them at any time through your browser's site data settings.
3.3 Analytics
Analytics cookies help us understand — in aggregate, pseudonymous form — how event pros use GalaDesk so we can improve the product. We use Google Analytics 4 for this. GA4 is configured with IP anonymization enabled and without cross-site advertising signals. We do not merge analytics data with your account data. In consent-required regions (see Section 5), GA4 cookies are loaded only after you grant consent.
4. Managing Your Cookie Preferences
4.1 Via Our Cookie Banner
The first time you visit GalaDesk, a banner appears asking whether you accept or decline non-essential cookies. Your choice is remembered in your browser's local storage (cookie-consent). You can change your answer at any time by clearing that item in your browser or by clearing site data for galadesk.com and reloading the page — the banner will reappear and you can respond again.
4.2 Via Your Browser
Every major browser lets you view, block, or delete cookies per-site. Keep in mind that blocking strictly necessary cookies will prevent you from signing in to GalaDesk.
4.3 Do Not Track & Global Privacy Control
We honor the Global Privacy Control (GPC) browser signal where required by applicable law (see Section 6). We do not currently act on the older "Do Not Track" (DNT) header, because DNT has no agreed-upon legal or industry-standard meaning. If you'd like to opt out of non-essential cookies, use the banner or enable GPC in your browser.
5. EU / UK / EEA Visitors (ePrivacy & GDPR)
If you are visiting from the European Economic Area, the United Kingdom, or Switzerland, the EU ePrivacy Directive and the GDPR require your prior consent before any non-essential cookies (including analytics) are set on your device. We honor that requirement in the following ways:
- Strictly necessary and functional cookies load as needed to provide the service you requested.
- Analytics cookies (Google Analytics 4) do not fire until you click Accept in our cookie banner.
- If you click Decline, no analytics cookies are set and Google Analytics is not loaded during your session.
- You may withdraw consent at any time by clearing the
cookie-consentitem (or clearing all site data for galadesk.com) — our banner will reappear and you can respond again.
You also have the rights described in our Privacy Policy, including the right to access, correct, delete, or restrict processing of your personal data, and the right to lodge a complaint with your local data protection authority.
6. California Visitors (CCPA / CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), gives you additional rights around cookies and tracking.
GalaDesk does not sell Personal Information and does not share Personal Information for cross-context behavioral advertising. We do not operate an ad network, and our analytics provider (Google Analytics 4) is configured without cross-site advertising features.
We honor the Global Privacy Control (GPC) browser signal as a valid opt-out request where applicable. If your browser transmits a GPC signal, we treat that as an opt-out of any sale or sharing of Personal Information, and analytics cookies will not be loaded.
You may also exercise your California privacy rights (Right to Know, Right to Delete, Right to Correct, Right to Limit Use of Sensitive Personal Information, and Right to Non-Discrimination) as described in our Privacy Policy — Section 9.
7. Third Parties That Set Cookies Through GalaDesk
A few third-party services set cookies when you interact with specific parts of the product:
- Google (Google Analytics 4) — product analytics. Loaded only after consent in consent-required regions. See Google's Privacy Policy.
- Stripe — payment processing and fraud prevention. Stripe cookies are set on checkout pages to detect fraudulent activity. See Stripe's Privacy Policy and Stripe's cookie information.
Supabase and Vercel, the infrastructure providers that host GalaDesk, do not set their own tracking cookies in your browser through our product. The sb-* cookies you see are authentication cookies issued by our Supabase project on our behalf and are first-party.
8. Changes to This Policy
We may update this Cookie Policy from time to time — for example, if we add or remove a subprocessor, or if a regulator updates guidance on how we must obtain consent. Material changes will be communicated via email or in-app notice at least 30 days before they take effect, consistent with the notice period in our Terms of Service. Minor clarifications (e.g., wording, typos) may be posted without notice. The "Effective Date" at the top of this page always reflects the current version.
9. Contact Us
If you have questions about this Cookie Policy or how we use cookies:
GalaDesk (a product of Printmods, a Pennsylvania sole proprietorship)
Email: daniel@galadesk.com
Website: galadesk.com
This policy is provided for informational purposes. Consult with a qualified attorney for legal advice specific to your situation.