Cookie Policy

Last updated: January 17, 2026

1. What Are Cookies?

Cookies are small text files that are placed on your device (computer, smartphone, tablet) when you visit a website. Cookies allow the website to recognize your device and remember certain information about your preferences or actions.

This Cookie Policy explains what cookies we use, why we use them, and how you can control them.

2. Types of Cookies We Use

2.1 Strictly Necessary Cookies (No Consent Required)

These cookies are essential for the website to function and cannot be disabled.

Cookie NamePurposeDuration
sb-access-tokenSupabase authentication sessionSession (1 hour)
sb-refresh-tokenSupabase refresh tokenPersistent (30 days)
__Host-next-auth.csrf-tokenCSRF protectionSession
themeRemember your dark/light mode preference1 year

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR) - essential for service functionality

2.2 Analytics Cookies (Consent Required)

These cookies help us understand how visitors interact with our website by collecting and reporting information anonymously.

Cookie NameProviderPurposeDuration
ph_*PostHogPrivacy-first analytics, feature flags1 year
_gaGoogle Analytics (if enabled)Distinguish users2 years
_ga_*Google Analytics 4Session persistence2 years

Legal Basis: Consent (Art. 6(1)(a) GDPR)

Privacy-First Approach: We primarily use PostHog, a privacy-focused analytics platform that can be self-hosted and does not share data with third parties.

2.3 Functional Cookies (Consent Required)

These cookies enable enhanced functionality and personalization.

Cookie NamePurposeDuration
user-preferencesStore dashboard layout, filters, and settings1 year
onboarding-completedTrack onboarding flow completionSession

Legal Basis: Consent (Art. 6(1)(a) GDPR)

2.4 Performance and Error Tracking Cookies (Consent Required)

These cookies help us identify and fix errors and improve performance.

Cookie NameProviderPurposeDuration
sentry-*SentryError tracking and performance monitoringSession

Legal Basis: Legitimate interest (Art. 6(1)(f) GDPR - service improvement and security)

3. Cookies We Do NOT Use

In our commitment to privacy, we do NOT use:

  • ❌ Advertising or tracking cookies from ad networks
  • ❌ Social media tracking pixels (Facebook Pixel, LinkedIn Insight Tag)
  • ❌ Cross-site tracking cookies
  • ❌ Third-party advertising cookies
  • ❌ Cookie-based profiling for marketing purposes

4. Third-Party Services

Some cookies are set by third-party services we use:

4.1 PostHog (Analytics)

  • Purpose: Privacy-first product analytics and feature flags
  • Data Location: EU (self-hosted option available)
  • Privacy Policy: posthog.com/privacy

4.2 Sentry (Error Tracking)

  • Purpose: Error monitoring and performance tracking
  • Data Location: EU
  • Privacy Policy: sentry.io/privacy
  • Note: PII is automatically scrubbed before sending to Sentry

4.3 Supabase (Infrastructure)

  • Purpose: Authentication and database hosting
  • Data Location: EU (Frankfurt)
  • Privacy Policy: supabase.com/privacy

5. How to Control Cookies

5.1 Cookie Consent Banner

When you first visit our website, you'll see a cookie consent banner. You can:

  • Accept All: Allow all cookies
  • Reject Non-Essential: Only strictly necessary cookies will be used
  • Customize: Choose which categories of cookies to accept

You can change your cookie preferences at any time by clicking the "Cookie Settings" link in the footer.

5.2 Browser Controls

Most browsers allow you to control cookies through their settings:

  • Chrome: Settings → Privacy and security → Cookies and other site data
  • Firefox: Settings → Privacy & Security → Cookies and Site Data
  • Safari: Preferences → Privacy → Manage Website Data
  • Edge: Settings → Cookies and site permissions

Note: Blocking strictly necessary cookies may prevent the website from functioning properly.

5.3 Do Not Track (DNT)

We respect the "Do Not Track" (DNT) browser signal. If you enable DNT, we will not set analytics cookies (except strictly necessary cookies required for the service to function).

6. Local Storage and Similar Technologies

In addition to cookies, we may use similar technologies:

6.1 Local Storage

We use browser Local Storage to cache dashboard settings, user preferences, and temporary session data. This data never leaves your device.

Data stored:

  • Dashboard layout preferences
  • Filter and sort settings
  • Recent searches and selections
  • Cached API responses (for faster loading)

You can clear Local Storage data through your browser's developer tools or by logging out.

6.2 Session Storage

We use Session Storage for temporary data that is cleared when you close the browser tab:

  • Form data during multi-step processes
  • Temporary UI states
  • Navigation history within the app

7. Mobile Apps (Future)

If we release mobile applications in the future, this Cookie Policy will be updated to include information about mobile identifiers (IDFA, Advertising ID) and their usage.

8. Updates to This Cookie Policy

We may update this Cookie Policy from time to time to reflect changes in our practices or for legal, regulatory, or operational reasons. We will notify you of significant changes via:

  • In-app notification
  • Email (for registered users)
  • Updated "Last modified" date at the top of this page

9. Contact Us

If you have questions about our use of cookies or this Cookie Policy, please contact us:

🍪 Privacy-First Approach

We minimize cookie usage to what's necessary for functionality and improvement. We do not sell your data or use cookies for advertising purposes.