Cookie Policy

We use only the cookies and storage required to deliver the service securely. Analytics and marketing cookies are off by default and only set after explicit opt-in via the cookie banner.

• Supabase auth session — HttpOnly, Secure, SameSite=Lax
• Cloudflare — bot management and WAF (cf_clearance, __cf_bm)
• Turnstile challenge — bot protection on auth forms
• enerwise_consent — stores your cookie preference (12 months)

• Vercel Analytics — aggregate page views, no IP stored

• localStorage — cached map tiles and assessment drafts; cleared on sign-out

None. We do not run advertising trackers.

Use the "Cookie settings" link in the page footer at any time, or clear cookies in your browser. Disabling strictly-necessary cookies will break login. See also our Privacy Policy.