By default, Bubble sets a couple of cookies on end-users and visitors of your Bubble app. These are for authentication purposes and enable key functionality of the Bubble platform, such as keeping an end-user logged in, being able to tie a visitor to an app user through sign-up, etc.
To be specific, here are the cookies Bubble sets by default:
One to mark the user’s session ID
One with the session signature to prevent tampering
One that tells the browser who the current user is
In addition, you may see a cookie (__cfduid) from Cloudflare (a feature which is provided by Bubble for all apps), which is described here but is being deprecated by Cloudflare starting May 2021.
Note that there is a setting for your app that stops Bubble from setting cookies on new visitors; this is off by default.
Also, various plugins that you choose to install in your app may also set cookies on the app's visitors or end-users. If a plugin does this, Bubble has no way to offer finer-grained control over those cookies. If this is a concern to you, we recommend you try installing the plugin and seeing what cookies are set in run-mode to determine if it's appropriate for your use case.