Cookie Policy

Cookies are small text files websites store in your browser. HookDoc uses them to keep you signed in (sender), identify reviewer sessions (reviewer), and remember your language preference. We do not use third-party analytics SDKs.

HookDoc only uses first-party cookies that are essential for the Service to operate (consent-exempt under GDPR Recital 30 / ePrivacy Directive Art. 5(3) / the Korean ICN Act):

• `sb-*` (Supabase auth) — keeps Google OAuth sign-in session. HttpOnly · Secure · SameSite=Lax. • `viewer_session_{reviewId}` — reviewer session identification. HttpOnly · Secure · SameSite=Lax · Path=/. Rolling 400-day Max-Age. • `NEXT_LOCALE` — remembers your language (ko / en). • `hookdoc_anon_seen_{reviewId}` (localStorage) — shows the anonymity notice modal once.

HookDoc has permanently decided against introducing third-party analytics SDKs (2026-04-22). Session replay and heatmap-style review signals are implemented in-house (`document_events` log + rrweb stored in R2), and this data is transmitted from your browser only to HookDoc's own servers.

Because there are no optional cookies or third-party SDKs, we do not operate a cookie consent banner. If this policy changes, we will update this page in advance and introduce an explicit consent flow at that time.

Blocking cookies directly in your browser also blocks essential cookies, which will break sign-in and review functionality. This is a browser-side outcome that HookDoc cannot reverse for you.

HookDoc itself does not embed ad networks, tracking pixels, or third-party analytics SDKs. The only third-party domain that sets cookies today is accounts.google.com during Google OAuth sign-in, which operates under Google's own policies.