§1 Categories we use
- Strictly necessary — required to sign you in, keep you signed in, accept payments, and stop automated abuse. These cannot be disabled without breaking the service.
- Analytics — product telemetry that helps us see which features people use and which screens crash. Loaded only after you give consent.
- Marketing — we do not currently set any marketing cookies. If we add them later we will refresh consent.
§2 What we set today
| Name | Purpose | Category | Provider |
|---|---|---|---|
| localStorage.accessToken | 15-minute JWT for authenticating API calls. | Strictly necessary | PicCull |
| localStorage.refreshToken | Opaque 48-byte refresh token used to mint new access tokens for 7 days. | Strictly necessary | PicCull |
| sessionStorage.sessionExpired | Flag that tells the login page to show a forced-logout banner. | Strictly necessary | PicCull |
| __stripe_mid / __stripe_sid | Fraud-prevention identifiers set by Stripe Checkout. | Strictly necessary | Stripe |
| Turnstile internal cookies | Bot challenge tokens set by Cloudflare Turnstile on signup and login. | Strictly necessary | Cloudflare |
| ph_* (PostHog) | Product analytics: page views, feature usage. Loaded only after consent if PostHog is enabled. | Analytics | PostHog |
§3 Managing consent
Until the consent banner ships, analytics cookies remain disabled by default. You can also block cookies through your browser settings — note that blocking strictly-necessary cookies will sign you out and break Stripe Checkout.
§4 Do Not Track
Our analytics pipeline respects the browser’s “Do Not Track” header — when set, we do not load PostHog or any analytics cookies, regardless of in-app consent.
§5 Questions
Email privacy@piccull.com if you have questions about what we store.