Cookie Policy
VCI Marketplace, operated by Vibe Coding Incubator LLC (Stripe d/b/a "Marketplace VC Inc.")
Effective date: June 1, 2026 Last updated: June 1, 2026
We use the minimum cookies needed to keep you signed in. We do not use analytics, advertising, or tracking cookies. This Cookie Policy lists what is actually set in your browser when you use VCI Marketplace, what it does, and how to control it.
1. What is a cookie?
A cookie is a small text file stored in your browser by a website. Similar technologies (including localStorage, sessionStorage, IndexedDB, and service-worker caches) also store small pieces of data in your browser. In this Policy we use "cookie" loosely to cover all of them, and we are specific about which we use.
2. The cookies we use
Today, the only cookies set by the Platform are our authentication session cookie that keeps you signed in. The backend API is cookie-free; it uses secure access tokens on each request. We do not run analytics, advertising, or marketing tracking.
This cookie is strictly necessary. It is set by our authentication provider in a first-party context, it keeps you signed in across pages and is required for any signed-in features, and it lasts only for the life of your session: the short-lived session token typically expires after about an hour, and the longer-lived refresh token rolls within about 30 days.
We use no other cookies of our own. We run no analytics, advertising, marketing, or other tracking technologies of any kind, including session-replay tools and advertising or attribution pixels.
3. Other browser storage (not cookies, but worth disclosing)
3.1 localStorage
We use localStorage for a handful of UI-state items that are first-party and do not track you across sites:
- a flag that remembers your post-verification redirect intent (so we return you to the right page after you confirm your email);
- flags for banners you have dismissed;
- your preferred view mode (grid or list);
- a resend-email cooldown timestamp (so we do not spam the verification endpoint when you click "resend");
- our authentication provider may also persist its session token here in addition to (or instead of) cookies, depending on browser configuration.
3.2 sessionStorage
We may store a short-lived sign-in token in your browser's session storage when you authenticate into an embedded seller App. This token expires automatically when you close the tab.
3.3 IndexedDB
We do not use IndexedDB.
3.4 Service-worker cache
We register a Progressive Web App service worker that caches static assets (icons, scripts, styles) and some API responses for offline support. This is caching for performance, not tracking; no data leaves your browser as a result of the cache.
4. Third-party content on the Platform
4.1 Stripe Checkout
When you proceed to checkout, the payment form is hosted by Stripe in an iframe on Stripe's domain. Stripe sets its own cookies on its pages, typically for fraud prevention. These are governed by Stripe's privacy notice and cookie policy at stripe.com.
4.2 Embedded demo videos
Seller listings may embed videos from a third-party video provider. When you press play (or, depending on the embed, when the page loads), the video provider receives your IP address and viewing data and may set cookies on its own domain under its own policy. We do not control these cookies and we do not currently use the privacy-enhanced ("no-cookie") variant of the embed.
4.3 Third-party sign-in (single sign-on)
If you use third-party sign-in (single sign-on), the provider's consent page is hosted on the provider's own domain and the provider's cookies apply only during your visit to that page. No such cookies are set in your VCI Marketplace session as a result of using third-party sign-in.
4.4 Edge protection
Network-level protection against bots and abuse may evaluate request signals at our hosting and edge providers. Where edge providers set cookies for these purposes, they are operational and strictly necessary; we will update this Policy if and when a meaningful cookie is set at the edge.
5. Fonts and other assets
We serve fonts ourselves. Your browser does not contact a third-party font network when our pages load.
6. Consent
Because we currently use only strictly-necessary cookies (our authentication session cookie) and no analytics or marketing trackers, we do not currently display a cookie-consent banner. Consent is required for non-essential cookies, not for cookies that are strictly necessary to provide a service you have requested.
If we introduce analytics, advertising, or other non-essential cookies in the future, we will: (a) update this Policy; (b) display a granular consent banner where consent is required; and (c) make "Reject all" as easy as "Accept all."
7. How to control cookies
7.1 Browser settings
You can block or delete cookies through your browser's settings. If you block our authentication session cookie, you will not be able to sign in.
- Chrome: see the cookie settings in your browser's official help center
- Safari: support.apple.com/HT201265
- Firefox: support.mozilla.org/kb/cookies
- Edge: support.microsoft.com/microsoft-edge
7.2 Global Privacy Control (GPC)
We recognize the Global Privacy Control signal as a valid opt-out of sale/sharing and of targeted advertising for users in California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, and Texas, even though we do not currently engage in sale, sharing, or targeted advertising. If those practices ever change, the opt-out you have signaled will be respected by default.
7.3 Do Not Track
Browsers may transmit a legacy "Do Not Track" signal. There is no industry standard for responding to it. We do not currently take any action that would be controlled by Do Not Track because we do not engage in cross-site tracking; we honor GPC as described above.
8. Changes to this Policy
We may update this Policy when our cookie practices change, for example, if we introduce analytics. The "Last updated" date at the top reflects the most recent revision. Material changes will be notified by email and/or by a prominent notice on the Platform.
9. Contact
Questions about cookies: privacy@vcinc.ai.