TrailTrack by Boardrooms to Backroads
Template — review with legal counsel. This document is a starting point and must be reviewed and adapted by a qualified attorney for your jurisdiction(s) before you rely on it.

Cookie Policy

Last updated: 22 June 2026

This Cookie Policy explains how Boardrooms to Backroads Consulting LLC (“B2BC”, “we”, “us”, or “our”) uses cookies, browser local storage, and similar technologies on the TrailTrack web application and related websites (together, the Service). It describes what these technologies are, the limited categories we use, why we use them, how long they persist, and the choices available to you and to the Customer. This Cookie Policy supplements, and should be read together with, our Privacy Policy and our Terms of Service.

In this document, the Customer is the organization that subscribes to or is invited to use the Service; a User is an individual who accesses the Service; Content is the data, files, and other materials handled in a Workspace; and a Workspace is a Customer’s isolated environment within the Service. TrailTrack is a logged-in, business-to-business work-management product. It is not an advertising-supported service, and we do not use third-party advertising cookies, cross-site tracking pixels, or data brokers to build advertising profiles of you.

1. What cookies and similar technologies are

A cookie is a small text file that a website asks your browser to store on your device. When you return, the browser sends the cookie back, which lets the Service recognize your session and remember certain settings. Beyond cookies, modern browsers offer related storage mechanisms that we group under the umbrella term “similar technologies.” The main kinds relevant to the Service are:

  • Cookies — small files set by the Service (first-party) or, in limited cases, by a connected third party, used mainly for authentication and security.
  • Local storage and session storage— key-value data kept by your browser for a site, used to remember interface preferences such as your theme, sidebar layout, and which “what’s new” announcements you have already seen. Local storage persists until cleared; session storage is cleared when the tab or browser closes.
  • Other browser storage — technologies such as IndexedDB or service-worker caches that a progressive web app uses to function offline or load faster.

We use the word “cookies” loosely throughout this policy to refer to all of these technologies unless the context indicates otherwise.

2. Cookies are session-based or persistent

Cookies and storage entries can be described by how long they last:

  • Session — exists only for the duration of your browsing session and is removed when you close the browser or the session expires.
  • Persistent — remains on your device for a defined period or until you delete it, so that a setting or sign-in is remembered across visits.

3. Categories of cookies we use

We organize the technologies we use into the following categories:

  • Strictly necessary — required for the Service to load, to authenticate you, to keep your session secure, and to protect against abuse. These cannot be switched off through the Service because the Service would not work without them.
  • Functional / preferences — remember choices you make, such as your theme, sidebar state, or dismissed announcements, to give you a more consistent experience. Blocking these will not break core features but may reset your preferences on each visit.
  • Analytics — we do not currently run third-party analytics or profiling cookies. If we ever introduce non-essential analytics, we will list them here and, where required by law, request your consent before setting them.

4. The specific cookies and storage we use

The list below describes the kinds of cookies and storage the Service relies on, their general purpose, their category, and their rough duration. Exact names and lifetimes may change as we improve the Service; this list is descriptive rather than an exhaustive technical inventory.

  • Authentication and session (first-party, via our identity provider Supabase) — keep you securely signed in and maintain your session state. Category: strictly necessary. Duration: a mix of session and persistent tokens that refresh while you remain active.
  • Security and anti-abuse tokens (first-party) — short-lived values used to protect sign-in, prevent cross-site request forgery, and guard sensitive flows such as connecting a calendar or third-party account. Category: strictly necessary. Duration: session or short-lived.
  • Workspace and navigation preference (first-party) — remembers which Workspace you last opened so the Service can return you to the right place. Category: strictly necessary to the app experience. Duration: persistent.
  • Theme preference (first-party local storage) — remembers your light or dark theme. Category: functional. Duration: persistent until cleared.
  • Sidebar and layout state (first-party local storage) — remembers whether the sidebar is collapsed and your ordering choices. Category: functional. Duration: persistent until cleared.
  • “What’s new” seen state (first-party local storage) — records which product announcements you have already dismissed so we do not show them again. Category: functional. Duration: persistent until cleared.
  • Progressive web app caches (first-party) — service-worker and browser caches that allow the installed app to load quickly and degrade gracefully when offline. Category: strictly necessary for the offline-capable experience. Duration: managed by your browser.

5. First-party and third-party cookies

Most cookies and storage used by the Service are first-party, meaning they are set by the TrailTrack domain itself. We use third-party cookies only in limited, user-initiated situations, for example:

  • when a payment is processed through our payment provider’s hosted checkout, that provider may set cookies it needs to operate its checkout and detect fraud; and
  • when the Customer or a User chooses to connect an external integration (such as a calendar, meeting, chat, or accounting service), the relevant provider may set cookies during that connection or sign-in flow.

Those third-party cookies are governed by the respective provider’s own cookie and privacy notices. For the list of providers that may process data on our behalf or in connection with the Service, see our Subprocessors page.

6. Legal basis and consent

Where data-protection laws such as the EU and UK GDPR and the ePrivacy rules apply, our legal basis depends on the category:

  • Strictly necessary cookies and storage are used on the basis of our legitimate interest in providing a secure, functioning Service that you or the Customer have requested. Under the ePrivacy rules these do not require consent because they are essential to deliver a service you have asked for.
  • Functional / preferences data is used to honor settings you choose. Where consent is required for any such technology in your jurisdiction, we will obtain it.
  • Non-essential cookies (such as any future analytics or marketing technologies) will only be set with your consent where the law requires it, requested through a cookie banner or settings control, and you may withdraw that consent at any time.

7. How to control cookies

You can control and delete cookies and browser storage through your browser or device settings. Most browsers let you view stored cookies, block some or all cookies, delete cookies when you close the browser, and clear local storage for a specific site. Consult your browser’s help pages for the exact steps.

Please note the consequences of blocking certain technologies:

  • If you block or delete strictly necessary cookies, you will not be able to sign in, your session will not persist, and core parts of the Service will not work.
  • If you block or clear functional storage, the Service will still work, but your preferences (theme, sidebar state, dismissed announcements) may reset, and the offline-capable experience may be reduced.

8. Do Not Track and global privacy signals

Some browsers offer a “Do Not Track” setting or a global privacy control signal. Because there is no consistent industry standard for how these signals must be interpreted, and because we do not use cross-site advertising or tracking cookies, the Service does not change its limited, essential cookie use in response to such signals. We will update this section if applicable laws or standards change.

9. Mobile and installed app considerations

When you install the Service as a progressive web app, it continues to rely on the same first-party authentication, security, and preference storage described above, plus service-worker caches that enable faster loading and limited offline use. You can clear this data by removing the installed app or clearing site data from your browser or device settings.

10. Changes to this Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in the technologies we use, in the Service, or in applicable law. When we make material changes, we will revise the “Last updated” date above and, where appropriate, provide additional notice within the Service. Your continued use of the Service after an update takes effect indicates your awareness of the revised policy, subject to any consent we are required to obtain.

11. Contact us

If you have questions about this Cookie Policy or about how the Service uses cookies and similar technologies, contact us at privacy@boardroomstobackroads.com. For more detail about how we handle personal data generally, see our Privacy Policy.

TrailTrack is a product of Boardrooms to Backroads Consulting LLC. Patent pending.