Cookie Policy.
Effective July 14, 2026. This page describes the cookies and similar technologies Get Aplomb (“Aplomb,” “we,” or “us”) uses on getaplomb.com, why we use them, and how you can refuse or remove them. For broader information about personal data, see our Privacy Policy.
What is a cookie?
A cookie is a small text file that a website asks your browser to store on your device. Cookies remember preferences (your cart, that you have signed in) and let us understand how the site is used. Some “cookies” on modern sites are actually localStorage entries or pixel tags rather than literal cookies; this policy uses the word loosely to cover all of them.
Cookies we use
We group cookies and similar technologies into three categories.
1. Strictly necessary (cannot be turned off)
These keep the site running. Without them the cart, checkout, and your account would not work.
- Cart state, your in-progress order, kept in your browser's localStorage. Cleared when you complete checkout or manually empty the cart.
- Stripe, payment processor cookies used to detect fraud and process card payments. Set when you reach the checkout page. See Stripe's cookie notice.
- Cloudflare Turnstile, a no-cookie CAPTCHA that protects checkout from automated abuse. Loads only on the checkout page.
- Supabase auth, a session token set after you click a magic-link to sign into your account. Removed when you sign out or after it expires.
- Sentry, error monitoring. Loads a minimal script that reports JavaScript exceptions back to us so we can fix them. Sentry does not set tracking cookies in our configuration.
- Cookie-consent state, a versioned localStorage entry (
aplomb-cookie-consent-2026-07-14) that records whether you accepted the current optional-tools notice, so we do not show you the banner on every visit. We require a fresh choice when the notice materially expands. - First-party campaign attribution, the first valid campaign source and campaign name in a landing URL, kept only in sessionStorage for the current browser tab and copied to the order record if you check out. We use it to compare campaign spend with paid orders. It is not sent to Google, does not contain a Google click ID, and disappears from the browser when that tab closes.
2. Analytics, privacy-friendly, always on
We use Plausible Analytics to measure anonymous page-view counts. Plausible does not set cookies, does not collect personal data, does not fingerprint visitors, and is GDPR / CCPA / PECR compliant by default. See Plausible's data policy. Plausible is considered “essential” for the purposes of this banner because it carries no privacy cost.
3. Optional analytics & marketing (your consent required)
If you click “Accept all” on the cookie banner, we may load or use the following. If you click “Essential only,” we do not load or use any of them.
- Meta Pixel (Facebook / Instagram), measures conversions from Meta-platform ads and lets us show ads to people who have visited the site. Sets first- and third-party cookies. Meta privacy policy.
- Microsoft Clarity, anonymous session replay and heatmaps that help us understand where users click, scroll, and get stuck. Sets cookies for session identification. Clarity terms.
- Server-side Google Analytics purchase measurement, used only after Stripe confirms a checkout made under the current “Accept all” choice as paid. Our server sends an order-scoped synthetic client identifier, an order-scoped transaction identifier, the amount charged, USD currency, the event time, and one generic “APLOMB order” marker. We do not send automatic subscription-renewal charges. This measurement does not install a Google tag or Google cookie in your browser, and it does not send Google your name, email, phone, address, card data, product or SKU, symptom or quiz response, page or landing-page history, browser or device identifier, Google click ID, advertising session, or user ID. Ad-user-data use and ads personalization are denied. The property’s user- and event-level retention is two months. Google Analytics data safeguards.
Meta Pixel and Microsoft Clarity load in your browser only if you click “Accept all” on the cookie banner. The server-side Google Analytics purchase event is likewise queued only when that optional consent is present at checkout. Choosing “Essential only,” turning on Global Privacy Control, having Do Not Track enabled, or being marked as an internal user prevents all three. These choices never prevent checkout. How purchase data may additionally be shared with Meta for advertising measurement, and how to opt out, is described under Do Not Sell or Share My Personal Information below.
How to refuse or remove cookies
From this banner: when you arrive, the cookie banner gives you “Accept all” or “Essential only.” You can change your mind at any time by clearing your browser's localStorage for getaplomb.com (the banner will re-appear on next visit). The choice present when you submit checkout governs measurement for that checkout; a later change governs later checkouts and cannot retract an event already sent. To request deletion of a past Google Analytics purchase event, email [email protected] with the order date and transaction identifier, if available.
From your browser: every modern browser lets you block or delete cookies in Settings. For details: Chrome, Safari, Firefox, Edge. Blocking strictly-necessary cookies may break checkout.
Do Not Track: We honor browser-level Do Not Track signals. When DNT is on, optional analytics & marketing technologies will not load even if you previously accepted them.
Do Not Sell or Share My Personal Information (California)
Get Aplomb does not sell personal information for money. When you have opted in, you clicked “Accept all” and have no Global Privacy Control or Do Not Track signal, we share limited information with Meta for advertising measurement: a one-way hashed email and the products in a completed order. This is sent both from your browser (the Meta Pixel) and from our server (the Meta Conversions API). California law treats this as a “share” for cross-context behavioral advertising. If you opt out by any method below, both the browser and the server-side sharing stop:
- click “Essential only” on the cookie banner (no browser or server-side sharing occurs); or
- email [email protected] with the subject line “CCPA opt-out”; or
- turn on Global Privacy Control (GPC) in a supported browser. We honor GPC site-wide.
Changes
If we add or remove a tool, we update this page and bump the effective date. If a material change expands optional processing, we require a fresh choice before using it for you. We may also communicate significant changes by email.
Contact
Questions: [email protected].