Cookie Policy

Last updated: May 22, 2026

What cookies are

Cookies are small text files stored in your browser by the sites you visit. We use a small set of cookies to keep you signed in, to measure how the site is used, and (for admin staff only) to support a customer-support impersonation flow. We do not use advertising cookies. We do not sell or share cookie data with advertisers. We do not use cross-site tracking beacons.

Cookies we set on riseoverdebt.com

Strictly necessary — authentication

Set after you sign in to the student portal. Without these you cannot stay logged in.

  • sb-<project>-auth-token — Supabase session cookie. HttpOnly, Secure, SameSite=Lax. Lifetime: up to 90 days. Set when you complete a magic-link sign-in. Holds the refresh-token reference the portal uses to keep you signed in. Cleared on sign-out.

Strictly necessary — admin (rarely set)

Only set when a Rise Over Debt admin user uses an internal customer-support tool to view a customer’s portal as that customer. Never set for normal users.

  • rod_impersonate — signed HMAC cookie pairing the admin user with the target user. HttpOnly, Secure, SameSite=Lax. Lifetime: 4 hours. Cleared explicitly when the admin exits impersonation.

Analytics — Google Analytics 4

We use Google Analytics 4 (measurement ID G-XZC7FL1KC2) to understand how visitors find and use the site. GA4 sets the following first-party cookies in your browser:

  • _ga — visitor identifier. Lifetime: 2 years.
  • _ga_XZC7FL1KC2 — session and campaign data for this specific GA4 property. Lifetime: 2 years.

You can opt out of GA4 across all sites by installing the Google Analytics Opt-out Browser Add-on.

Cookies we do not set

  • Payment cookies. Stripe Checkout runs on stripe.com, not on this domain. Any cookies Stripe sets for fraud prevention live on Stripe’s domain and are subject to Stripe’s cookie policy.
  • Advertising cookies. We do not run paid ad pixels (Meta, Google Ads, TikTok, etc.) on this site.
  • Cross-site tracking. No third-party identity-graph or fingerprinting providers are loaded.

Managing cookies

Most browsers let you block or delete cookies through their settings. If you block the Supabase authentication cookie you will not be able to stay signed in to the portal. Blocking analytics cookies has no effect on course access.

Changes to this policy

If we add or remove a cookie, we will update this page and the “Last updated” date above. For broader practices around your personal information see our Privacy Policy.

Questions

Email info@riseoverdebt.com.

← Back to Home