Cookie Policy
This policy explains how OpsForge uses cookies and similar technologies, what each one does, and the choices you have. It supplements our Privacy Policy.
What cookies are
Cookies are small text files a site stores in your browser. We use them to keep you signed in, remember your preferences, and - only with your permission - to measure how the product is used. We group every cookie into the categories below.
Your choices
When you first visit, a banner lets you accept or reject the optional categories. You can change or withdraw your choice at any time, or opt out of analytics and marketing in one click, using the controls below. We also honour the Global Privacy Control (GPC) browser signal: when present, the optional categories default to off. Strictly necessary cookies cannot be switched off because the app cannot run without them.
Strictly necessaryAlways active
Always on. These keep you signed in, secure the session, and remember your consent choice. The app cannot function without them, so they are not subject to consent.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
app_consent | OpsForge | Stores your cookie-consent choice (which optional categories you allowed) and the version you agreed to. | 1 year |
app-token / pb-remember / pb-userctx | OpsForge | Authentication and session: keeps you signed in and identifies your account on each request. | Session to 30 days |
sb-* (Supabase) | Supabase | Auth session tokens issued by our authentication provider. | Session to 1 year |
*_oauth_state, *_code_verifier, stepup_* | OpsForge | Short-lived CSRF / state tokens that protect social sign-in and step-up authentication. | Minutes (sign-in only) |
dev_opt_out | OpsForge | Records a request to exclude this browser from all analytics and tracking scripts. | 2 years |
Functional / preferencesAlways active
Remember choices you make so the interface behaves the way you left it. Treated as essential because they only store your own settings and do not track you.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
app-theme | OpsForge | Remembers your light or dark theme choice. | 1 year |
app-side-collapsed | OpsForge | Remembers whether you collapsed the sidebar. | 1 year |
pb-branding / pb-hostdomain | OpsForge | Resolves per-workspace branding and custom-domain routing. | Session to 1 year |
AnalyticsConsent required
Help us understand how the product is used so we know what to improve. Only set after you accept the "Analytics" category, and removed when you withdraw it.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
_ga, _ga_*, _gid | Google Analytics | Aggregate, IP-anonymised usage statistics. Loaded only after analytics consent. | Up to 2 years |
ph_* (PostHog) | PostHog | Product analytics for identified users. Loaded only after analytics consent. | Up to 1 year |
MarketingConsent required
Used to measure and personalise marketing. Only set after you accept the "Marketing" category. Any pixels an administrator adds are gated behind this choice.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
Admin-managed pixels | Third parties | Optional marketing / conversion pixels configured by the operator. Suppressed entirely until marketing consent is granted. | Varies by provider |
PaymentsAlways active
Set by Stripe during checkout to process payments securely and prevent fraud. Present only on billing flows.
| Cookie | Provider | Purpose | Duration |
|---|---|---|---|
__stripe_mid, __stripe_sid | Stripe | Fraud prevention and checkout session integrity on payment pages. | Session to 1 year |
Changes to this policy
If we add or change cookies we will update this page and, where required, re-prompt you for consent. Questions? See our Privacy Policy or contact us.