Cookie Statement
Last modified: April 2nd, 2026
NetDesk Pty Ltd is committed to transparency about how we use cookies and similar browser storage technologies on our website. This Cookie Statement explains exactly what we store, why we store it, and your choices.
We use cookies only where strictly necessary — for authentication and security. We do not use advertising cookies, tracking cookies, or analytics cookies. This statement should be read alongside our Privacy Policy.
1. What Are Cookies?
Cookies are small text files placed on your device by a website. They are used to carry information between pages and between visits. Cookies are set either by the website you are visiting (first-party cookies) or by third-party services that the website uses.
We also use browser storage mechanisms — specifically localStorage and sessionStorage — which work similarly to cookies but are never transmitted to our servers. These are covered in §3 below.
2. How We Use Cookies
We set only essential cookies. We do not use analytics, advertising, or tracking cookies of any kind.
2.1 Essential Cookies
These cookies are required for the website to function. Blocking them will prevent you from signing in or using the service.
- Authentication — keeps you signed in across pages and browser tabs during your session
- CSRF protection — prevents cross-site request forgery attacks on form submissions and API calls
3. Browser Storage (Not Cookies)
In addition to cookies, we use standard browser storage to improve your experience. Unlike cookies, this data is never sent to our servers — it stays on your device only.
3.1 localStorage
We store your language preference (netdesk-language) in your browser's localStorage so it is remembered across visits. This data persists until you clear your browser storage or change your preference.
3.2 sessionStorage
During email verification flows (sign-up and technician registration), we temporarily store your email address in sessionStorage so that confirmation pages can display it without exposing it in the URL. This data is automatically deleted when you close the browser tab.
4. Specific Cookies We Set
Below is the complete list of cookies NetDesk sets on your device:
Authentication Cookies (Supabase)
- Purpose: Maintain your login session and authenticate your identity across requests
- Duration: Scoped to your session; refresh tokens allow seamless reauthentication while you are active
- Type: First-party, Essential
CSRF Token Cookie (csrf-token)
- Purpose: Protects against cross-site request forgery on all form submissions and authenticated API calls
- Duration: 24 hours; refreshed automatically
- Type: First-party, Essential, httpOnly
5. Third-Party Services
A small number of third-party services we use may set their own cookies. We have no control over these cookies, but we only use services that are strictly necessary to deliver the product.
Supabase (Authentication & Database)
- Purpose: User authentication and secure data storage
- Cookies: Session management and authentication tokens
- Privacy Policy: supabase.com/privacy
Stripe (Payments)
- Purpose: Secure payment processing
- Cookies: Stripe may set cookies for fraud detection and payment security when the payment form is loaded. Your card details are handled entirely by Stripe and never pass through our servers.
- Privacy Policy: stripe.com/privacy
Vercel (Hosting)
- Purpose: Website hosting and content delivery
- Cookies: May set performance and security cookies as part of the hosting infrastructure
- Privacy Policy: vercel.com/legal/privacy-policy
6. Your Cookie Choices
You can manage cookies through your browser settings. Most browsers allow you to:
- View cookies stored on your device
- Delete existing cookies
- Block all cookies or third-party cookies only
Because we only use essential cookies, blocking them will prevent you from signing in and using the service. There are no non-essential cookies you can opt out of.
6.1 Browser-Specific Instructions
7. Cookie Data Retention
- Authentication cookies: Active for the duration of your session; refresh tokens managed by Supabase
- CSRF token cookie: 24 hours, refreshed automatically
- Language preference (localStorage): Until you change your preference or clear browser storage
- Email confirmation (sessionStorage): Deleted when you close the tab
You can clear all of the above at any time through your browser settings. Doing so will require you to sign in again.
8. Our Commitment
- We do not use advertising or tracking cookies
- We do not use analytics cookies
- We do not sell cookie data or any personal data to third parties
- We do not track you across other websites
- We minimise storage to what is strictly necessary to deliver the service
- We comply with the Australian Privacy Act 1988
For more information about how we handle your personal data, please read our Privacy Policy.
9. Changes to This Statement
We may update this Cookie Statement from time to time. For material changes, we will notify you by email. The "Last modified" date at the top of this page always reflects the most recent revision.
10. Contact Us
If you have questions about our use of cookies or this Cookie Statement, please contact us at:
- Email: privacy@netdesk.au