Cookie Policy
⚠️ DRAFT — engineering-authored placeholder reflecting the actual data flows; MUST be reviewed and finalized by legal counsel before publish. Not legal advice.
This draft describes the cookies and browser storage the site actually uses, grounded in docs/design/analytics-consent.md and api-design.md. Counsel should confirm wording and any jurisdiction-specific requirements.
Effective date: [PLACEHOLDER: effective date] Last updated: [PLACEHOLDER: last-updated date]
1. What cookies and storage we use
We group cookies and similar browser storage into two categories.
1.1 Strictly necessary (always on)
These make the site work and record your privacy choice. They cannot be turned off and are not used for analytics or advertising. They are set whether or not you accept analytics.
This category includes the cookie that records your consent choice itself (me_consent), the admin-area session and CSRF cookies (only relevant to logged-in administrators), and Cloudflare's functional/edge cookies.
1.2 Analytics (opt-in only)
These are set by our self-hosted PostHog analytics only after you opt in via the cookie banner. Before you consent, no PostHog cookie is set and no analytics request is made (analytics-consent.md §1.5, §4.2). They are served first-party through our own /ingest path rather than from a third-party analytics domain (analytics-consent.md §1.2).
2. Cookie / storage table
| Name | Purpose | Category | Duration |
|---|---|---|---|
| me_consent | Records your cookie consent choice (whether analytics is on/off) and the consent version | Strictly necessary | ~12 months |
| __Host-me_session | Admin login session (access token) — admins only | Strictly necessary | Session / ~15 minutes |
| __Host-me_refresh | Admin session refresh token — admins only | Strictly necessary | ~7 days |
| __Host-me_csrf | CSRF double-submit token protecting admin actions — admins only | Strictly necessary | Tied to the admin session |
| Cloudflare functional cookies | CDN/WAF/edge routing and security | Strictly necessary | Per Cloudflare's defaults |
| PostHog ph_* (e.g. ph_<project>_posthog) | Pseudonymous analytics distinct-id and session/event state | Analytics (opt-in) | Per PostHog's defaults [PLACEHOLDER: confirm exact PostHog cookie names/durations once the project key is set] |
Cookie names use the __Host- prefix where shown (host-only, HTTPS-only); they are described in api-design.md §3.x. The admin cookies only appear for people who log into the admin console — ordinary visitors never receive them.
3. Functional storage that is NOT analytics
Some features use localStorage rather than cookies, and these are necessary / functional, not analytics (analytics-consent.md §4.6):
- Popup frequency caps — so a marketing popup doesn't keep re-appearing after you've dismissed it.
- Chat widget session state — so your chat conversation persists as you browse.
These work regardless of your analytics choice. If you reject analytics you can still see popups, use the chat, and download a lead magnet — only the *analytics events about* those actions are suppressed. This functional storage is never used to track you for analytics or advertising.
4. How to control cookies
When you first visit, a consent banner appears. It offers, with equal prominence:
- Accept analytics,
- Reject analytics (just as easy as accepting — same size and prominence), and
- Preferences, where you can toggle the analytics category on or off (strictly necessary cannot be toggled off).
You can change or withdraw your choice at any time using the "Cookie settings" link in the site footer, which re-opens the preferences panel (analytics-consent.md §4.3, §4.4). If you turn analytics off after having it on, we stop capturing and clear the PostHog analytics cookies.
We will ask you to choose again if your consent cookie expires (about 12 months) or if we make a material change to our cookies (for example, adding a new category) — handled by a consent version bump.
We do not run any advertising or marketing-tracking cookies. If that ever changes, it would be a separate opt-in category — it would never ride on the analytics toggle.
5. More information
For who we are, how long we keep data, your rights, and our processors, see the Privacy Policy (the processor list is in §4 there). Questions: [PLACEHOLDER: privacy contact email] or hello@mattoxengineering.com.