Cookie Policy
Version 1.0. Effective May 16, 2026.
What cookies we use
Ensealed uses the smallest set of cookies needed to run the service. We use no advertising cookies, no third-party social trackers, and no fingerprinting.
Essential cookies (no consent required)
| Name | Purpose | Duration |
|---|---|---|
| sb-access-token | Supabase auth session | 1 hour, rotating |
| sb-refresh-token | Supabase auth session refresh | 7 days, rotating |
| cc_cookie | Stores your consent choices | 12 months |
| Polar checkout | Payment session, set only on checkout pages | Session |
Analytics cookies (consent required)
If you accept analytics in our cookie banner, we set the following cookies:
| Name | Provider | Purpose | Duration |
|---|---|---|---|
| ph_* | PostHog Inc. | Anonymous product usage events, session ID | 365 days |
Cookieless measurement
We use Cloudflare Web Analytics for aggregate traffic measurement. It is cookieless, does not set any identifiers, and does not require consent under GDPR, CCPA, or similar laws.
Global Privacy Control
We honor the Global Privacy Control (GPC) signal. If your browser sends a GPC header, we treat it as an automatic rejection of analytics cookies. You do not need to interact with the cookie banner.
Managing your choices
You can change your consent at any time by clicking "Cookie preferences" in the footer of any page on Ensealed. Your browser also lets you clear or block cookies in its settings.
If you block essential cookies, Ensealed will not be able to log you in.
Contact
Questions about this policy: privacy@ensealed.com.