Cookie Policy

Brett Johnson Last Updated: 2026-04-27 Effective Date: 2026-05-01

1. What Are Cookies?

Cookies are small text files stored on your device (computer, smartphone, tablet) when you visit a website. They are used to remember information about your visit and improve your browsing experience.

This Cookie Policy explains:

What cookies brettjohnson.xyz uses
Why we use them
How to control or disable them
Your rights regarding cookies

2. Types of Cookies We Use

2.1 Essential / Strictly Necessary Cookies

Purpose: Required for the Website to function properly

| Cookie Name | Provider | Duration | Purpose | |-------------|----------|----------|---------| | sessionId | brettjohnson.xyz | Session | User session management | | csrf_token | brettjohnson.xyz | Session | CSRF protection | | auth_token | Supabase | 1 hour - 30 days | Authentication state | | vercel_session | Vercel | Session | Deployment platform session |

Note: These cookies are essential and cannot be disabled without affecting Website functionality.

2.2 Performance & Analytics Cookies

Provider: Plausible Analytics (privacy-first, GDPR-compliant)

| Cookie Name | Duration | Purpose | |-------------|----------|---------| | plausible_session | Session | Analytics session tracking |

Note: Plausible does NOT use cookies for cross-site tracking. It does not build user profiles. Your data is NOT shared with ad networks or other third parties.

2.3 Functional Cookies

Purpose: Enhance user experience and remember preferences

| Cookie Name | Provider | Duration | Purpose | |-------------|----------|----------|---------| | theme_preference | brettjohnson.xyz | 1 year | Light/dark mode preference | | language | brettjohnson.xyz | 1 year | Language preference | | calendly_session | Calendly | Session | Calendar integration state |

2.4 Marketing & Advertising Cookies

Status: We DO NOT use marketing or advertising cookies on brettjohnson.xyz}

We do not:

Track you across websites for advertising purposes
Build advertising profiles
Share data with Facebook Pixel, Google Analytics 4, or similar trackers
Use retargeting pixels

3. Third-Party Services & Their Cookies

brettjohnson.xyz} integrates with third-party services that may set cookies:

3.1 Vercel (Hosting)

Sets functional and analytics cookies
Privacy Policy: https://vercel.com/legal/privacy
Cookies: Deployment tracking, preview environment identification

3.2 Supabase (Database & Auth)

Sets authentication cookies when you sign in
Privacy Policy: https://supabase.com/privacy
Cookies: Session tokens, authentication state

3.3 Cloudflare (CDN & Security)

Sets security and performance cookies
Privacy Policy: https://www.cloudflare.com/privacypolicy/
Cookies: DDoS protection, bot detection, rate limiting

3.4 Calendly (Scheduling)

Sets functional cookies when you use the calendar
Privacy Policy: https://calendly.com/privacy
Cookies: Calendar session, booking preferences

3.5 HubSpot (CRM)

Sets cookies if you interact with embedded forms
Privacy Policy: https://legal.hubspot.com/privacy-policy
Cookies: Form tracking, lead identification (if enabled)

3.6 Resend (Email)

Does not set cookies for email delivery
Privacy Policy: https://resend.com/privacy
Note: Email open tracking may use pixel-based analytics (consult engagement agreement)

4. How We Use Cookies

Essential Functionality:

Authentication and security
Session management
CSRF token protection
Form processing

Performance & Improvement:

Understanding user behavior and page performance
Identifying technical issues and errors
Measuring Website effectiveness
Optimizing user experience

User Preferences:

Remembering your theme preference (light/dark mode)
Remembering your language selection
Maintaining calendar integration state

5. Cookie Consent & Opt-Out

5.1 Implied Consent Model

By accessing brettjohnson.xyz}, you consent to our use of cookies as described in this policy. This includes:

Essential cookies (automatically enabled; cannot be disabled)
Analytics cookies via Plausible (privacy-first, no tracking across sites)
Functional cookies for user preferences

5.2 How to Control Cookies

Browser Settings: You can control or delete cookies through your browser settings:

Chrome: Settings → Privacy and Security → Cookies and other site data
Firefox: Preferences → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Manage Website Data
Edge: Settings → Privacy, search, and services → Clear browsing data

Disable All Cookies: Disabling cookies may affect Website functionality:

Login and authentication may not work
Your preferences (theme, language) will not be saved
Calendar integration may fail
Form submission may be blocked by CSRF protection

5.3 Do Not Track (DNT)

brettjohnson.xyz} respects the Do Not Track (DNT) signal in your browser:

If DNT is enabled, we do NOT collect analytics data via Plausible
Plausible analytics is privacy-first and does NOT build cross-site profiles regardless of DNT status
Essential cookies remain enabled for Website functionality

To enable DNT:

Chrome: Settings → Privacy and security → Send "Do not Track" requests
Firefox: Preferences → Privacy → "Send websites a 'Do Not Track' signal"
Safari: Preferences → Privacy → "Ask websites not to track me"

5.4 Local Storage

In addition to cookies, brettjohnson.xyz} may use browser local storage and session storage for:

Saving user preferences
Caching performance data
Session state management

You can clear local storage through browser developer tools or settings.

6. Third-Party Cookie Management

To manage cookies from our third-party services:

Vercel Analytics:

Dashboard: https://vercel.com (requires account)
Opt-out: Contact Vercel support or use browser DNT signal

Plausible Analytics:

Website: https://plausible.io
Opt-out: Disable analytics in browser settings or enable DNT
Plausible respects privacy-first principles and does NOT track across sites

Cloudflare:

Dashboard: https://dash.cloudflare.com (requires account)
No end-user opt-out available; Cloudflare is required for site security

Calendly:

Calendly Privacy: https://calendly.com/privacy
Calendar functions opt-in; disable if you don't use scheduling

7. Cookie Retention & Deletion

| Cookie Type | Retention | Auto-Delete | |-------------|-----------|-------------| | Session Cookies | Current session | Upon browser close | | Essential Cookies | Variable (1 hour - 30 days) | Manual or upon logout | | Analytics Cookies | 30 days | Automatic | | Preference Cookies | 1 year | Manual or browser settings |

Manual Deletion:

Clear cookies in browser settings
Use "Clear browsing data" with "Cookies and other site data" selected
Cookies will be regenerated on next visit if functionality requires them

8. Data Retention & Privacy

What We Don't Do:

Build advertising profiles
Share cookie data with ad networks
Use cookies for cross-site tracking
Use cookies for marketing purposes
Sell your data

What We Do:

Use cookies only for Website functionality and privacy-first analytics
Comply with GDPR, CCPA, and other privacy laws
Respect your browser signals (DNT)
Minimize cookie usage

For details on how we use cookie data, see our Privacy Policy: brettjohnson.xyz}/privacy

9. International Cookie Laws

9.1 GDPR (European Union)

If you are in the EU, cookies require your explicit consent (except essential cookies). However, brettjohnson.xyz} is designed to minimize cookie usage:

Essential cookies are exempt from consent requirements
Analytics cookies via Plausible do not require consent (privacy-first, no tracking)
If you do not consent, you may still use the Website (functionality may be limited)

Your rights under GDPR:

Right to be informed (this policy)
Right of access to cookies used
Right to withdraw consent
Right to deletion (see Section 5.2)

9.2 CCPA (California)

If you are a California resident:

You have the right to know what cookies collect your data
You have the right to delete cookies
You have the right to opt-out of non-essential cookies
We do not sell cookie data

To exercise your rights, contact: legal@brettjohnson.xyz

9.3 ePrivacy Directive (EU/EEA)

Electronic privacy requirements for cookies:

Strictly necessary cookies: Exempt from consent
All other cookies: Require informed consent or opt-in

brettjohnson.xyz} complies by:

Using essential cookies without consent
Using privacy-first analytics (Plausible) that doesn't require consent
Respecting browser DNT signals
Providing clear opt-out instructions

10. Cookie Updates & Changes

We may update this Cookie Policy when:

We add new cookies or services
Legal requirements change
We improve our privacy practices

Changes are effective upon posting. We encourage you to review this policy periodically.

11. Contact Us

For questions about cookies or this policy:

Brett Johnson Services, LLC} Email: legal@brettjohnson.xyz Support Email: support@brettjohnson.xyz Address: Available upon request

EU Data Protection Authority: If you have GDPR concerns, you may lodge a complaint with your local data protection authority:

EU DPA Locator

Version 1.0 | Effective as of 2026-05-01

Appendix: Cookie Summary Table

| Name | Provider | Type | Duration | Purpose | |------|----------|------|----------|---------| | sessionId | brettjohnson.xyz | Essential | Session | Session management | | csrf_token | brettjohnson.xyz | Essential | Session | Security | | auth_token | Supabase | Essential | 1-30 days | Authentication | | vercel_session | Vercel | Essential | Session | Deployment platform | | plausible_session | Plausible | Analytics | Session | Privacy-first analytics | | theme_preference | brettjohnson.xyz | Functional | 1 year | Theme preference | | language | brettjohnson.xyz | Functional | 1 year | Language preference | | calendly_session | Calendly | Functional | Session | Calendar integration |

Essential Cookies (cannot be disabled) | Analytics Cookies (privacy-first) | Functional Cookies (user preferences) | No Marketing Cookies