Cookie Policy

Cookies are small text files stored on your device. We also use comparable client-side storage (localStorage) for the same purposes. This page covers all such mechanisms.

These are required for the service to function and cannot be turned off. They never carry advertising identifiers.

sb-access-token (first-party, Supabase)

Authenticated session token. Session cookie, expires on sign-out or after 1 hour of inactivity.

sb-refresh-token (first-party, Supabase)

Refreshes the access token without re-prompting credentials. Persistent, 7-day rolling expiry.

skeldy_consent (first-party)

Records your cookie-consent choice so the banner doesn't reappear on every visit. Persistent, 12-month expiry.

NEXT_LOCALE (first-party)

Stores your preferred language so the marketing site renders the correct locale. Persistent, 12-month expiry.

CSRF + anti-abuse tokens (first-party)

Per-request tokens that prevent forged form submissions and rate-limit abusive traffic. Session cookies only.

If you accept analytics cookies, we use PostHog (eu.posthog.com) to understand which features help managers most and which need work. We never sell or share analytics data with advertisers. You can withdraw consent at any time.

ph_phc_* (third-party, PostHog EU)

Anonymous product-analytics event ID. Only set when you accept analytics; cleared on withdraw. 12-month expiry.

ph_session_* (third-party, PostHog EU)

Session correlation for funnel analysis. Same consent + lifecycle as above. Session cookie.

Use the cookie banner shown on your first visit, or revisit this page and choose "Update cookie preferences" below. Browser-level controls (Do Not Track, Global Privacy Control) are honoured.

If we add a new cookie or analytics tool we will update this page and prompt for fresh consent before activating it.