Cookies
Last updated: 2026-06-05
The short version
This site doesn't set cookies. There's no advertising, no ad network, and nothing that follows you around. That's also why there's no cookie pop-up: there's nothing to consent to.
How we count visits
I do want to know whether anyone's actually reading this, so the site uses Cloudflare Web Analytics. It's cookieless. It measures page views and rough traffic (how many people, which page, what country, what device, and which link sent them here) without setting a cookie, without storing anything on your device, and without a way to identify you personally. There's no profile of you anywhere. If that ever changes, this page changes first.
The desktop app
The app isn't a browser, so "cookie" doesn't quite fit, but it does keep a few files on your own machine. These stay on your device; they are not sent to Cursorly's servers:
- Session token. Your signed-in tokens, in
%LocalAppData%\Cursorly\session.json, encrypted with Windows DPAPI. Used to authenticate when you're on the hosted backend. - Vision consent. The yes/no you gave the first time Cursorly offered to use a screenshot, in
vision_consent.json, also DPAPI-encrypted. - Hotkey. Your chosen shortcut, in
hotkey.txt, plain text. - Plan cache. A small SQLite file (
plans.db) of recent plans, capped at 500 rows and 30 days, so repeat tasks feel instant instead of re-asking the model.
Delete the %LocalAppData%\Cursorly\ folder and they're all gone. Signing out from the tray clears the session token.
When you sign in or pay
If you sign in or buy a plan, you'll briefly land on Supabase (sign-in) or Stripe (payments) in your browser. Those set their own cookies, governed by their own policies. Cursorly can't read them.