Legal · Cookies

Cookie Policy.

Last updated: 20 June 2026 Effective: 20 May 2026
The short version: We use cookies only where they're needed to log you in, keep you logged in, and remember basic preferences like your billing cycle toggle. We don't use advertising, analytics, or tracking cookies. You'll see a brief cookie notice once, so you can record your preference.

01What are cookies

Cookies are small text files that websites store on your device (computer, phone, tablet) when you visit them. They allow the website to remember you between visits — for example, to keep you signed in or remember your preferences.

We also use similar technologies like localStorage and sessionStorage, which work the same way but store data directly in your browser. For simplicity, we refer to all of these as "cookies" in this policy.

02How we use cookies

We use cookies for one reason only: to make the service work. Specifically:

  • To keep you signed in to your account between page loads
  • To remember your preferences (e.g. billing cycle toggle, dismissed banners)
  • To protect against CSRF attacks and other security threats

We do not use cookies for:

  • Advertising or behavioural tracking
  • Profiling or building marketing audiences
  • Cross-site tracking
  • Third-party analytics that share data with other companies

03Types of cookies we use

Strictly necessary Always on

These are essential for the site to work — you can't opt out, because without them you can't sign in or stay signed in. No consent is required for these under UK PECR.

NamePurposeDuration
sb-access-tokenAuthentication session (Supabase)1 hour
sb-refresh-tokenAuthentication session refresh (Supabase)7 days
__cf_bmBot management (Cloudflare)30 minutes
Functional Local browser storage

Stored in your browser (not sent to our servers) to remember small preferences. You can clear these any time via your browser settings.

NamePurposeDuration
billingCycleRemembers your pricing toggle (monthly/quarterly/yearly)Session
upgradeBannerDismissedRemembers if you've dismissed the upgrade bannerSession
consoleAutoscrollRemembers auto-scroll preference in server consoleSession
ll_cookie_consentRemembers your choice on the cookie notice (with timestamp) so we don't ask againPersistent
Analytics Opt-in — “Accept all” only

Product analytics from PostHog, which help us understand how the site is used so we can improve it (which pages are visited, where sign-ups drop off, and which errors occur). These only ever load if you choose “Accept all” on the cookie notice — they never load under “Essential only” — and they respect Do Not Track and Global Privacy Control. PostHog processes this data in the EU.

NamePurposeDuration
ph_*_posthogAnonymous usage analytics — a distinct visitor ID plus session and feature-flag state (PostHog)Up to 1 year

04Third-party cookies

We use a small number of trusted providers to run our service. The cookies these providers set are limited to what's needed for security and functionality.

ProviderPurposePrivacy policy
SupabaseAuthentication and session managementsupabase.com/privacy
CloudflareSecurity, DDoS protection, bot detectioncloudflare.com/privacypolicy
Stripe (future)Payment security and fraud preventionstripe.com/privacy
PostHog (analytics, opt-in)Product analytics — loads only after “Accept all” consentposthog.com/privacy

05Managing your preferences

We use strictly necessary and functional cookies, plus optional analytics cookies (PostHog) that load only with your consent. UK PECR doesn't require a consent banner for the necessary and functional cookies, but we still show a brief notice on your first visit so you can record a preference. Choosing “Essential only” declines the optional analytics cookies — they never load. Choosing “Accept all” enables PostHog product analytics. We store your choice in your browser as ll_cookie_consent so we don't ask again, and you can change it by clearing that value in your browser storage.

If you want to opt out anyway, you can:

  • Sign out of your account, which clears the authentication cookies
  • Clear your browser cookies and storage via your browser settings — this will also sign you out and reset preferences
  • Block all cookies in your browser — but note that this will prevent you from signing in or using authenticated features

Most browsers let you manage cookies in detail. Here are quick links:

06Changes to this policy

If we change which cookies we use, we'll update this policy and the "Last updated" date at the top. For material changes — like adding analytics or advertising cookies — those will only ever load after you've chosen “Accept all” on the notice, and we'll notify existing users by email.

07Contact us

For questions about cookies or your privacy, contact:

Data Protection Contact

Email: privacy@lowlight.host

See our full Privacy Policy for details about how we handle personal data.