Cookie Policy
Last updated: 22 May 2026
1. About cookies
Cookies are small text files placed on your device when you visit a website. They are widely used to make websites work, improve efficiency, and provide information to site owners.
This policy explains what cookies and similar technologies (including local storage) the Planpath platform uses, why we use them, and how you can control them.
2. Strictly necessary cookies
These cookies are essential for the Platform to function. They cannot be disabled without breaking core features. Under the UK Privacy and Electronic Communications Regulations (PECR), these do not require consent.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| sb-*-auth-token | Supabase | Authentication session (encrypted JWT). Keeps you signed in securely. | Session |
| sb-*-auth-token-code-verifier | Supabase | PKCE verification during OAuth sign-in flows. | Session |
| sidebar_state | Planpath | Remembers whether the navigation sidebar is expanded or collapsed. | 7 days |
3. Analytics cookies
These cookies are only set if you accept analytics. Before consent, our PostHog product analytics still runs but operates in memory only — it sets no cookies and writes nothing to your browser’s local storage (see section 4 below for how that works). Once you accept, PostHog upgrades to the persistent identifiers below and Google Analytics begins firing.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
| ph_* | PostHog (EU) | Product analytics — page views, feature usage. Only written after you accept analytics. Identifies returning visitors and signed-in users across sessions. Session recording is disabled. | 1 year |
| _ga, _ga_* | Google Analytics (via GTM) | Marketing analytics — page views, traffic sources, conversion events. Only set after you accept analytics. | 2 years |
4. Anonymous analytics before consent
To measure how people arrive at and move through our marketing pages, PostHog is initialised as soon as a page loads but is configured to use memory-only storage. That means no cookies are set, no entries are written to your browser’s local storage, and the temporary in-session identifier is discarded the moment you close the tab. We also derive a country-level location from your IP address for fraud prevention and to confirm you are visiting from within our UK service area; the IP itself is not stored. We rely on legitimate interests for this minimal, non-tracking processing — see the Lawful basis section of our Privacy Policy for the assessment. If you accept analytics, PostHog upgrades to the persistent cookies listed in section 3; if you decline, it stays in memory-only mode.
5. Session replay and error monitoring
To understand how people use the platform and identify where they get stuck, we record anonymised session replays via PostHog. All on-screen text is masked and replaced with placeholder characters, all input field values are masked, and no personally identifiable information is captured. What is recorded is the page structure, mouse movements, clicks, scrolls, navigation events, and console messages. Replays are retained for 30 days and then automatically deleted. Recording starts when a page loads under the same legitimate-interests basis as our anonymous analytics and does not require any cookies to be set. Separately, we use Sentry to detect and reproduce technical errors; Sentry captures a session replay only when an error occurs in your session, with the same text masking and media blocking, and those replays are deleted after 90 days.
6. Third-party cookies
Some third-party services may set their own cookies:
- Stripe: when you interact with payment forms, Stripe may set cookies on their domain (stripe.com) for fraud prevention. These are essential for secure payment processing.
- Google Tag Manager: may set additional cookies depending on tags configured in our GTM container.
7. Local storage
In addition to cookies, we use your browser’s local storage for application functionality:
- Shopping basket: items you add to your basket are stored locally so they persist between page navigations.
- AI conversation sessions: your AI discover conversations are stored locally for continuity.
- UI preferences: layout preferences, dismissed help tips, and table column settings.
Local storage data stays on your device and is not transmitted to our servers. You can clear it at any time via your browser settings.
8. Managing cookies
You can control cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored and delete them individually.
- Block third-party cookies.
- Block cookies from specific sites.
- Block all cookies.
- Delete all cookies when you close your browser.
Please note that blocking essential cookies will prevent you from signing in and using authenticated features of the Platform.
9. Changes to this policy
We may update this policy when we add new services or change how we use cookies. The “last updated” date at the top reflects the most recent revision.
10. More information
For more details on how we handle your personal data, see our Privacy Policy.
If you have questions about our use of cookies, contact us at support@planpath.co.uk.