TL;DR: DoneWith.ink doesn't use third-party trackers, analytics cookies, ad pixels, or fingerprinting scripts. The cookies we set are strictly essential — to keep you signed in (if you have a Pro account) and to remember your preferences. That's it. No surveillance. No selling data. No "partners." No cookie consent banner — because there's nothing to consent to.
1. Our approach to cookies
Most websites greet you with a cookie consent banner listing dozens of tracking cookies from ad networks, analytics vendors, and data brokers. You won't see that here. DoneWith.ink was built from the ground up with the conviction that your documents — and your browsing — are nobody's business but yours.
This policy explains every cookie we set, why we set it, how long it lives, and whether it involves any third party. Short answer on that last one: no third-party cookies, ever.
2. What is a cookie?
A cookie is a small text file that a website stores on your device through your browser. Cookies serve many purposes — from keeping you logged in (useful) to tracking you across the internet so ad networks can build a profile of your behavior (not useful, and not something we do).
DoneWith.ink also uses localStorage and IndexedDB (browser storage APIs) for some features. These aren't technically cookies, but we explain them here for completeness because they serve similar functions — and because we believe in full transparency.
3. Cookies we use
Here is the complete list. If it's not on this table, we don't set it.
4. What we don't use
We think what we don't do is as important as what we do. DoneWith.ink sets zero of the following:
- Analytics cookies — no Google Analytics, no Plausible, no PostHog, no Mixpanel, no self-hosted analytics. We don't know how many visitors we get, which pages they read, or how long they stay — and we like it that way.
- Advertising cookies — no Facebook Pixel, no Google Ads, no retargeting, no ad networks.
- Social media cookies — no Twitter/X widgets, no LinkedIn insights tag, no "Share" buttons that phone home.
- Fingerprinting scripts — no device fingerprinting, no canvas fingerprinting, no browser-fingerprinting libraries.
- Session recording / heatmaps — no Hotjar, no FullStory, no Microsoft Clarity, no session replay of any kind.
- A/B testing cookies — no Optimizely, no Google Optimize, no feature-flagging with user-level tracking.
- CDN cookies — our static assets (JS, CSS) are served from our own domain or from CDN providers under our control. No CDN-level tracking.
Why we don't need a cookie consent banner: Under the GDPR, ePrivacy Directive, and most global privacy regulations, strictly necessary (essential) cookies do not require consent. Because we set only essential and locally-stored functional cookies — and zero tracking or marketing cookies — we don't need a consent banner. If this ever changes, we'll update this policy and add a consent mechanism before the change goes live.
5. A note on Supabase Auth
If you create a Pro account, we use Supabase as our authentication and database provider. Supabase sets the authentication cookies listed in §3. These cookies are strictly necessary for the sign-in feature to work — without them, we can't keep you logged in.
Supabase's cookies contain only cryptographic session tokens, not personal information. Supabase does not use these tokens for tracking, profiling, or advertising. Their cookie practices are documented in Supabase's Privacy Policy.
Importantly: the authentication cookies are the only data that touches our infrastructure at all. Your PDFs, signatures, signing links, and document metadata stay entirely in your browser. They are never uploaded to Supabase, to our server, or to any third party. See our Privacy Policy for the full architecture.
6. Managing cookies in your browser
You can control and delete cookies through your browser settings. Here's how:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Preferences → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies and site data
If you block all cookies, you won't be able to sign in to a Pro account. The free editor will continue to work normally — it doesn't rely on cookies at all. If you clear your localStorage, you'll lose your saved signatures and editor preferences, but the editor itself will still work.
7. Do Not Track
We honor the Do Not Track (DNT) browser setting. Since we don't track you regardless, DNT changes nothing about our behavior — but we respect the signal. If your browser sends DNT: 1, we acknowledge it. There's nothing for us to turn off.
8. Changes to this policy
If we ever add a new cookie or change how we use existing ones, we'll update this page and note the change in the "Last updated" date at the top. If the change is material — for example, if we were to add an analytics cookie (we won't, but hypothetically) — we'd notify Pro users by email and add a consent mechanism before the cookie is set.
We encourage you to check this page occasionally. The current version will always be at /legal/cookies.html.
9. Contact
If you have questions about this Cookie Policy or want to verify anything in it, email us at privacy@donewith.ink. You can also open DevTools → Application → Cookies on any DoneWith.ink page and confirm the list yourself — we designed the product so the policy is independently auditable in under a minute.