Last updated: March 23, 2026
This Cookie Policy explains how ARK Financial Group, LLC (“ARK Financial,” “we,” “us,” or “our”) uses cookies and similar storage technologies on the Ark Academy platform (“Platform”). By using the Platform, you consent to the use of these technologies as described below.
1. What Are Cookies?
Cookies are small text files placed on your device by a website. They allow the site to remember your preferences and activity across sessions. The Platform also uses browser localStorage — a client-side storage mechanism that persists between browser sessions but is never sent to our servers.
2. Authentication Cookies (Supabase)
The Platform uses Supabase for authentication. When you sign in, Supabase sets the following cookies:
| Cookie Name | Purpose | Duration |
|---|---|---|
| sb-[project]-auth-token | Stores your encrypted session token to keep you signed in | Session / up to 1 hour |
| sb-[project]-auth-token-code-verifier | Used during OAuth and PKCE flows to verify authorization codes | Session |
| sb-refresh-token | Allows the Platform to silently refresh your session without re-login | Up to 60 days |
These cookies are strictly necessary for the Platform to function. They cannot be disabled without logging out. Session tokens are encrypted and scoped to your Supabase project — they are never shared with third parties.
3. Infrastructure Cookies (Vercel)
The Platform is hosted on Vercel's edge network. Vercel may set technical cookies to support routing and performance:
| Cookie Name | Purpose | Duration |
|---|---|---|
| __vercel_live_token | Used for preview deployments and real-time collaboration features | Session |
| _vercel_no_cache | Bypasses edge cache for authenticated or dynamic requests | Session |
These cookies are set by Vercel's infrastructure and are required for the Platform to be delivered reliably. No personally identifiable data is stored in these cookies.
4. Password Manager (localStorage)
If you use the Platform's built-in Password Manager feature, data is stored exclusively in your browser's localStorage — never on our servers in plaintext. Specifically:
- Encrypted vault data — Your saved credentials are encrypted client-side using AES-256-GCM before being stored. The encryption key is derived from your master password using PBKDF2 with 600,000 iterations. Your master password is never transmitted to our servers.
- Vault lock state — A flag indicating whether your vault is locked or unlocked during the current session. This is cleared when you lock, log out, or after 15 minutes of inactivity.
- Auto-lock timer — A timestamp used to enforce automatic vault locking after 15 minutes of inactivity.
You can clear all Password Manager localStorage data at any time by locking the vault, signing out, or clearing your browser's site data for arkacademy.app.
5. Demo Mode (sessionStorage)
When you access the Platform in demo mode (e.g., via /clientdemo or /advisordemo), a demo state flag is stored in sessionStorage. This flag is automatically cleared when you close the browser tab. No account data is written during demo mode.
6. Analytics
The Platform does not currently use third-party analytics cookies (Google Analytics, Mixpanel, Amplitude, etc.). Usage analytics are derived solely from internal database queries against data you've already provided. This may be revisited in a future update, at which point this policy will be amended and you will be notified.
7. Managing Cookies
You can control cookies through your browser settings. Most browsers allow you to refuse new cookies, delete existing cookies, and configure notifications when cookies are set. Please note that disabling authentication cookies will prevent you from signing in to the Platform.
To clear localStorage and sessionStorage, use your browser's developer tools (F12 → Application → Storage) or clear site data for arkacademy.app through your browser privacy settings.
8. Contact Us
Questions about this Cookie Policy should be directed to support@arkfinancial.com.