1. What cookies are
Cookies are small text files placed on your device when you visit a website. They let the site remember your actions and preferences (login state, language, region) so you don't have to re-enter them every time. We also use similar technologies — local storage, session storage, and pixel tags — and refer to them all collectively as "cookies" in this policy.
2. Categories we use
Strictly necessary
Required for the Service to function — authentication, security tokens, load balancing. These cannot be disabled.
Functional
Remember your preferences (theme, sidebar collapse state, language). Without them the site still works but you'd lose personalization.
Analytics
Help us understand how the product is used so we can improve it. Aggregate, never sold. Set only with your consent in EU/UK/Türkiye.
Marketing
Used to measure campaign performance and personalize ads on third-party sites. Set only with explicit opt-in consent.
3. Detailed list
| Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
sh_session | SecureHup | Authenticated session token | Session | Necessary |
sh_csrf | SecureHup | CSRF protection | Session | Necessary |
sh_lb | SecureHup | Load balancer affinity | 1 hour | Necessary |
sh_theme | SecureHup | UI theme preference | 1 year | Functional |
sh_locale | SecureHup | Language preference | 1 year | Functional |
_ph_* | PostHog | Product analytics | 13 months | Analytics |
_ga, _ga_* | Google Analytics | Marketing-site analytics | 2 years | Analytics |
__cf_bm | Cloudflare | Bot management | 30 minutes | Necessary |
li_at, _li_* | Conversion tracking (opt-in) | 2 years | Marketing |
4. Third-party cookies
Some cookies are set by partners we use to deliver the Service:
- Cloudflare — security & bot mitigation (policy).
- Google Analytics 4 — anonymized marketing-site usage (policy).
- PostHog (self-hosted) — in-product event analytics (no third-party data sharing).
- Stripe — payment fraud detection on the billing page (policy).
We do not use ad-serving cookies on authenticated product pages.
5. Managing cookies
You can change your consent at any time via the Cookie Preferences link in the site footer. You can also block or delete cookies in your browser:
Disabling strictly necessary cookies will break sign-in and other core features.
6. Changes
We may update this policy as we add or remove cookies. Material changes are announced in-product and via the cookie banner.
Questions? privacy@securehup.com