Legal
Cookie Policy
This policy explains how Coworking Tech Stack uses cookies, local storage, pixels, embedded services, security checks, and similar technologies.
Last updated: June 15, 2026. Effective date: June 15, 2026.
1. Who We Are
Coworking Tech Stack is operated by Coworkies Ltd, a United Kingdom company. For cookie questions, contact team@coworkingtechstack.com.
Coworking Tech Stack is connected to the Coworking Tech Week ecosystem, but Coworking Tech Week has separate event flows and may use different cookies or analytics tools. Its privacy policy is available at www.coworkingtechweek.com/privacy/.
2. What Cookies Are
Cookies are small text files placed on your device when you visit a website. Similar technologies include local storage, session storage, pixels, scripts, SDKs, embedded frames, link tracking, device identifiers, and other technologies that store information on, or access information from, your device.
Under UK cookie rules, strictly necessary cookies can be used without consent when they are essential to provide a service you request. Non-essential cookies, such as most analytics, advertising, or cross-site tracking cookies, usually require clear information and active consent.
3. The Standard We Apply
We apply a simple rule: strictly necessary technologies may run where they are essential to provide the site, security, account, checkout, or form feature you request. Optional analytics, advertising, cross-site tracking, or similar non-essential technologies should not be set unless we have provided clear information and obtained consent where required.
Coworking Tech Stack is designed to be lightweight. As of the date above, the application code does not include Google Analytics, Google Tag Manager, Meta Pixel, TikTok Pixel, or advertising-cookie code on Coworking Tech Stack.
We use cookies and similar technologies mainly for essential account sessions, admin sessions, security, bot prevention, checkout, and third-party services you choose to interact with. If we add optional analytics, advertising, or marketing cookies, we will update this policy and implement any consent controls required by law.
If you do not see a cookie banner or preference panel on Coworking Tech Stack, that is because we do not currently intend to set optional analytics or advertising cookies from the CT Stack application code before consent. Strictly necessary security, account, and checkout technologies may still operate.
4. Cookie and Similar Technology Register
The table below describes the cookies and similar technologies we use or may trigger through current platform functionality. Exact cookie names and durations can change when browsers, providers, or security settings change. We review this register when we materially change the platform or providers.
| Name or technology | Provider | Purpose | Category | Typical duration | Consent required? |
|---|---|---|---|---|---|
sb-*-auth-token and related Supabase auth cookie fragments | Supabase, used by Coworking Tech Stack | Keeps signed-in members, product editors, and vendor/account users authenticated; supports session refresh and user-scoped database access. | Strictly necessary - account and security | Session and refresh-token lifetime set by Supabase authentication configuration; may persist across browser sessions. | No, because these are necessary for account features requested by the user. |
sb-access-token | Coworking Tech Stack / Supabase | Verifies internal admin or editor access for protected admin routes. | Strictly necessary - admin authentication and security | Short-lived access-token lifetime. | No, because it is necessary for authenticated admin/editor access. |
sb-refresh-token | Coworking Tech Stack / Supabase | Refreshes internal admin or editor sessions without repeated sign-in. | Strictly necessary - admin authentication and security | Up to 30 days unless you log out, the token expires, or the session is invalidated. | No, because it is necessary for authenticated admin/editor access. |
cf_clearance, __cf_bm, _cfuvid, __cflb, and related Cloudflare security cookies where enabled | Cloudflare | Protects the site from bots, abuse, rate-limit evasion, suspicious traffic, and network instability; may preserve challenge status or route traffic reliably. | Strictly necessary - security, fraud prevention, and service delivery | Varies by Cloudflare feature: examples include around 30 minutes for some bot-management cookies, seconds to 24 hours for some load-balancing cookies, or a challenge duration configured by Cloudflare/security settings. | No, where used for security or service delivery. We still disclose them here. |
| Cloudflare Turnstile challenge response and browser signals | Cloudflare | Checks whether newsletter, contact, product submission, and similar forms are being submitted by a real user rather than automated abuse. | Strictly necessary - form security and abuse prevention | Challenge and verification data is generally short-lived, but Cloudflare may process security logs under its own retention practices. | No, because it is necessary to protect forms and platform integrity. |
| Stripe checkout, billing, fraud-prevention, and portal cookies or local storage | Stripe | Runs checkout, subscription billing, payment security, fraud prevention, invoices, receipts, and billing portal features when you choose a paid plan or upgrade. | Strictly necessary for checkout where used; Stripe may also use optional categories on Stripe-controlled pages according to its own policy and consent controls. | Varies by Stripe cookie, checkout mode, browser, and Stripe configuration. | No for payment and fraud-prevention technologies necessary to complete checkout. Stripe is responsible for its own optional cookies on Stripe-controlled pages. |
| Cloudinary image and media delivery requests | Cloudinary | Loads and optimizes logos, screenshots, images, and other media used in public product, company, editorial, or membership pages. | Strictly necessary or functional media delivery, depending on page context | Request logs and CDN cache behavior vary by provider settings. Browser caching may last according to cache headers. | No for media necessary to render the page you requested. We do not use Cloudinary for advertising tracking. |
| Resend email delivery, unsubscribe, bounce, complaint, and link metadata | Resend | Sends newsletters and transactional emails, records delivery status, processes unsubscribe requests, and helps diagnose email delivery issues. | Email operations; not primarily a website cookie | Varies by email event type and Resend account settings. | Newsletter email is based on consent. Transactional or service emails may be sent where necessary. |
| Server request logs, rate-limit keys, security headers, and abuse-prevention records | Coworking Tech Stack and hosting/security providers | Records technical events needed to keep the platform available, investigate errors, prevent abuse, enforce rate limits, and secure the service. | Strictly necessary - security and operations | Limited periods appropriate to security, troubleshooting, legal, and operational needs. | No, because this is necessary for security and service operation. |
| Optional analytics or advertising cookies | None currently set intentionally by the CT Stack application code | Not currently used by Coworking Tech Stack application code as of the date above. | Analytics / advertising | Not applicable unless added later. | Yes, where required. We would add a consent mechanism before setting these cookies. |
5. Cookie Categories
- Strictly necessary: required for login, admin access, account sessions, checkout, bot prevention, security, fraud prevention, form protection, load balancing, and core service operation. Blocking these may break sign-in, product submissions, membership checkout, admin access, or form submissions.
- Functional: used to remember choices or improve requested features. We currently keep this category minimal. If we add non-essential functional cookies, we will provide appropriate information and controls.
- Analytics and performance: used to understand site usage. The current CT Stack application is not built around third-party analytics cookies. We may still use server-side aggregate data and operational logs to understand performance and reliability. If we add optional analytics cookies, we will seek consent where required.
- Advertising and marketing: used for ads, retargeting, or cross-site behavioural tracking. We do not currently intentionally set advertising cookies on Coworking Tech Stack. Third-party websites you visit from our pages may use their own marketing technologies.
6. Third-Party Sites and Embedded Services
If you click a link to Coworking Tech Week, LinkedIn, Reddit, a sponsor, an exhibitor, a vendor, Stripe, Supabase, Cloudflare, Cloudinary, or another third-party service, that third party may set its own cookies or process your device information under its own policies.
We are not responsible for third-party cookies placed outside Coworking Tech Stack. You should review the relevant third party's privacy and cookie information if you interact with those services.
7. Your Choices
You can control cookies through your browser settings. Most browsers let you block, delete, or limit cookies. If you block all cookies, some Coworking Tech Stack features may not work, including login, account management, admin access, product submissions, bot checks, checkout, and security features.
You can sign out of your account to clear or invalidate authentication sessions. You can also clear cookies in your browser. For newsletter choices, use the unsubscribe link in any email or contact us.
Where we use consent-based cookies, you can withdraw or change consent through the consent controls we provide. If no on-site consent control is visible, that means we do not currently intend to set optional analytics or advertising cookies from the CT Stack application code.
We will not treat simply continuing to browse the site as consent for non-essential cookies. If we introduce consent-based cookies, we will use an affirmative choice, keep appropriate consent records, and make withdrawal as easy as giving consent.
8. Do Not Track and Global Privacy Controls
Some browsers offer "Do Not Track" or global privacy signals. There is not one universally accepted technical standard for all such signals. We do not currently sell personal information or intentionally share it for cross-context behavioural advertising on Coworking Tech Stack. If we add technology that requires opt-out handling for a recognised signal, we will update this policy and our controls.
9. Provider References
Provider cookie names, purposes, and durations can change. These provider pages are useful references:
10. Changes to This Policy
We may update this Cookie Policy as our platform, providers, legal obligations, or cookie use changes. If we make material changes, we will take reasonable steps to notify affected users, which may include posting a site notice or updating the date at the top of this page.
11. Contact
Questions about cookies or similar technologies can be sent to:
Coworkies Ltd (UK)
Email: team@coworkingtechstack.com
Website: coworkingtechstack.com