Cookie Policy
Effective date: April 16, 2026 · Last updated: April 16, 2026
This Cookie Policy explains how Policy Stack uses cookies and similar storage technologies (local storage, session tokens) when you visit policystack.co or use the Service. This policy is a companion to our Privacy Policy.
1. What Are Cookies
Cookies are small text files that a website places on your device to remember information between visits. We also use browser local storage and session storage to persist settings on your device — these are functionally similar to cookies but are not transmitted on every request.
2. Categories We Use
Policy Stack does not use advertising cookies, third-party tracking pixels, or cross-site behavioral profilers. The categories below are the only ones in scope.
Strictly Necessary
Required for the Service to function. Cannot be disabled.
| Cookie | Purpose | Duration |
|---|---|---|
| sb-<project>-auth-token | Supabase authentication session (HTTP-only, Secure) | 1 hour (refreshed) |
Functional (browser storage, not cookies)
Preferences saved in your browser’s local storage. These never leave your device unless you explicitly sync them.
| Key | Purpose | Duration |
|---|---|---|
| theme-mode | Light/dark/auto preference | Until cleared |
| tool-scenario-* | Draft tool calculator inputs | Until cleared |
Attribution
Records the advisor whose referral link brought you to Policy Stack, so the correct advisor receives referral credit if you subscribe. First-touch model — if multiple referrals occur, the first one is honored.
| Cookie | Purpose | Duration |
|---|---|---|
| ps-ref | First-touch advisor referral attribution | 90 days |
Analytics
Set by PostHog, our product analytics provider, to help us understand how the Service is used. No individual fingerprinting, no advertising identifiers, no cross-site tracking. We do not send financial values, policy details, or AI chat content to PostHog.
| Cookie | Purpose | Duration |
|---|---|---|
| ph_<project>_posthog | PostHog distinct ID, session ID, feature flags | 1 year |
Diagnostic
Used by Sentry to correlate errors across our stack. These are not stored in a persistent cookie — they are request-scoped headers.
| Identifier | Purpose | Duration |
|---|---|---|
| sentry-trace | Per-request error correlation (no PII) | Request |
3. What We Don't Do
- No advertising cookies
- No third-party tracking pixels
- No data shared with ad networks or data brokers
- No cross-site behavioral profiling
- No sale or sharing of data for advertising purposes
4. Managing Cookies
You can control cookies in several ways:
- In Policy Stack: Opt out of analytics cookies in Settings > Privacy.
- In your browser: Most browsers allow you to block or delete cookies through their privacy settings.
- Via Do Not Track: We honor the Do Not Track (DNT) and Global Privacy Control (GPC) signals — when either is present, analytics cookies are not set.
Disabling strictly necessary cookies will prevent the Service from functioning.
5. Changes to This Policy
We will update this policy when we add, change, or remove cookies. Material changes will be reflected by a new “last updated” date above and, where appropriate, in-app notification.
6. Contact
Questions about cookies? Email support@policystack.co.