Cookie Policy

Last updated: July 3, 2026

Every cookie, listed by name

DukPdf sets two essential cookies — one that keeps you signed in and one that makes free-tier limits work. Everything else is opt-in: Google Analytics cookies and, as a separate choice, Google's ad-click measurement. No personalized advertising, no remarketing, no selling cookie data — ever. This page lists everything, by name, including browser storage that isn't technically a cookie.

What cookies are

Cookies are small text files stored by your browser when you visit a website. They let the site remember things between visits — like whether you're logged in. Websites can also keep data in your browser's local storage, which works similarly but never travels with requests. We treat both with the same transparency and list both below.

Cookies we set

dukpdf_anon_id— Essential · first-party · lasts 90 days. A random, signed identifier that lets the free tier count conversions and stops automated abuse when you're not signed in. It is used for nothing else — no advertising, no profiling, never shared. Because it's strictly necessary for the fraud-prevention and fair-use side of the service you're requesting, it doesn't require consent — but we list it here because you deserve to know it exists.
sb-…-auth-token (and related sb-…cookies) — Essential · first-party. Set by our authentication provider (Supabase) when you sign in; they keep you signed in securely across pages and visits. Without them, login doesn't work.
_ga and _ga_… — Optional analytics · set by Google Analytics · last up to 2 years. Only set after you consentin the banner — until then the Google script doesn't even load, and if you reject it never does. Used to measure page visits and which tools get used.
_gcl_…— Optional ad-click measurement · set by Google · lasts about 90 days. Only with your separate consent to “Ad-click measurement”. If you arrived from a Google ad, these let Google count that the ad led to a signup or purchase — so we know which ads work. Measurement only: personalized ads and remarketing are permanently disabled in our code, not just unticked.

That's the complete list. No personalized-advertising or remarketing cookies. No cross-site behavioral tracking. No social-media embed cookies (we don't embed any). We do not sell or share cookie data with anyone.

Your consent choices

Nothing optional runs until you switch it on. The consent banner's Accept button enables analytics only; Manage cookies gives per-category control, and the ad-click measurement category can only be enabled there (all optional categories start off — saving without turning anything on declines them all). Visitors in the UK and Europe also see a one-click Reject button. Closing the banner with the ✕ chooses nothing: everything optional stays off, and we may ask again on a later visit.

Change your mind any time via “Cookie settings” in the page footer — withdrawing consent stops the category from that moment, and you can clear the _ga/_gcl cookies in your browser to remove them immediately. Ad-click measurement only runs together with analytics.

Browser storage that isn't a cookie

The web app also uses your browser's local storage. This data stays in your browser — it is not sent to us:

  • dukpdf_analytics_consent— remembers your Allow/Reject choice so we don't keep asking.
  • dukpdf_usage_cache… and dukpdf_pro_cache… — a local copy of your recent usage counts and plan status so the app can respond instantly and work offline; the authoritative copy lives in your account.
  • pdf-signatures — signatures you save in the Sign PDF tool, stored only on your device.
  • dukpdf_anon_id (fallback) — only if your browser blocks cookies entirely, the anti-abuse ID is kept here instead.
  • Checkout session keys — short-lived entries that prevent a purchase from being counted twice in analytics and remember an in-progress checkout.
  • Offline tool cache — a service worker caches the WebAssembly engines (for example the Office-to-PDF converter) so tools load fast and work offline. This is application code, not your data.

The desktop app

The desktop app uses no cookies and contains no analytics. It keeps a few local files in its own app-data folder (usage counts, plan cache, preferences) and stores your sign-in session in your operating system's keychain or credential manager. All of it stays on your machine, and all of it is described in the Privacy Policy.

Blocking cookies in your browser

You can block or delete cookies in your browser's settings at any time. File processing is local and doesn't depend on cookies, so the tools keep working. What's affected:

  • Staying signed in— blocking the Supabase cookies means you'll need to log in each visit.
  • Free-tier limits— the anti-abuse ID falls back to local storage; blocking both may make free-tier counting stricter, since we can't tell your visits apart.
  • Analytics and ad measurement— stop entirely. If you've rejected them in the banner, they were never running anyway.

Changes to this policy

If we add, remove, or change the cookies or storage we use, we'll update this page and the “Last updated” date at the top. For material changes, we'll notify account holders by email.

Contact

Questions about cookies or anything in this policy? Email support@dukpdf.com. We read every message.