Legal

Cookie Policy

Effective April 28, 2026. We use the smallest possible set of cookies. No advertising, no third-party trackers, no fingerprinting.

1. What cookies are

A cookie is a small text file a website stores in your browser to remember things across page loads - for example, that you’re signed in. This policy covers cookies and similar browser storage (localStorage, sessionStorage) set by appeak.pro and by the small number of services we use to run the product.

2. The cookies we set

Everything we set on appeak.pro falls into one of two categories:

Strictly necessary - authentication

  • Supabase auth cookies (e.g. sb-<project>-auth-token). HTTP-only, secure, SameSite=Lax. Used to keep you signed in across page loads and to refresh your session safely. Lifetime: about 7 days, renewed automatically while you’re active. Cleared when you sign out.

These cookies are required for the app to work. Disabling them will prevent you from signing in.

Product analytics

  • PostHog. We use PostHog in cookieless mode(persistence: "memory") for general page-view and event analytics, so no PostHog identifier survives a browser refresh.Session replay is enabled and may use a short-lived session identifier in browser storage (cleared when the tab is closed) so we can stitch the events of a single visit together. We use this only to understand product usage and reproduce bugs.

3. Cookies we do NOT use

  • No advertising or remarketing cookies.
  • No third-party tracking pixels (Facebook Pixel, TikTok, etc.).
  • No fingerprinting libraries.
  • No data selling, ever.

4. Cookies set on other domains

When you click out to one of our service providers, cookies they set live on their own domain (not on appeak.pro). The relevant ones:

  • Lemon Squeezy checkout (appeakpro.lemonsqueezy.com). Lemon Squeezy is our Merchant of Record. When you’re on their hosted checkout, they set cookies on their own domain to handle your purchase, fraud prevention, and tax compliance. We do not see or control those cookies. See Lemon Squeezy’s privacy policy.
  • Supabase auth APIs (*.supabase.co). Email confirmation links pass through Supabase. Their session is request-scoped and not persisted as a cookie on your browser.
  • Vercel (our hosting provider). On preview/non-production URLs, Vercel may set protection or analytics cookies; on appeak.pro production deployments these are disabled.

5. Your choices

Block or delete cookies in your browser. Every modern browser lets you manage cookies per site (Settings → Privacy or Security). If you block our auth cookies, you won’t be able to sign in.

Opt out of analytics specifically. Setting your browser’s “Do Not Track” (DNT) or “Global Privacy Control” (GPC) signal is respected by PostHog - we will not capture analytics events when either is set. You can also block PostHog at the network level via your browser’s tracking protection.

6. Changes to this policy

If we add new cookies or change how the existing ones are used in a material way, we will update this page and the effective date at the top. For non-material changes (clarifications, formatting), we’ll just edit in place.

7. Questions

Reach us via the contact form. The full picture of how we handle data lives in the Privacy Policy.