Anchor — Cookie Policy
Version: 1.0 Effective date: [TO BE SET AT LAUNCH] Last reviewed: 2026-05-03 Owner: Safety Harmonics Engineering Related: Privacy Policy, Vendor and Tracking Inventory
What this policy covers
This Cookie Policy explains what cookies and similar tracking technologies Anchor uses on its web application and any associated public-facing pages, what each technology does, and how you can control them.
For a full account of how we handle your personal information, see our Privacy Policy.
What are cookies?
Cookies are small text files that a website places on your browser or device when you visit. They help websites remember information across page loads and sessions. We also use related technologies — browser localStorage and sessionStorage — which serve similar purposes but are stored differently.
Cookies and tracking technologies we use
Essential (strictly necessary)
These technologies are required for the application to function. You cannot opt out of them without breaking core features.
| Name | Type | Set by | Purpose | Duration |
|---|---|---|---|---|
__session | Cookie (HttpOnly, Secure, SameSite=Strict) | Clerk (our authentication provider) | Stores your authentication session JWT. Required for all authenticated pages. | Session / rolling 30 days |
__client_uat | Cookie | Clerk | Records a user-activity timestamp used to detect stale sessions. | Persistent |
anchor-theme | Cookie + localStorage | Anchor | Stores your UI theme preference (light / dark / system). No personal data — contains only an enum value. | Persistent (can be cleared) |
Legal basis: Strictly necessary for the performance of the service you requested. No consent required.
Analytics and performance
These technologies help us understand how the application is used and where performance can be improved. They do not identify you to third-party advertisers.
| Name | Type | Set by | Purpose | Duration |
|---|---|---|---|---|
ph_* | Cookie | PostHog (proxied via our own /ingest endpoint) | Stores an analytics session ID and a distinct user ID. We use PostHog to track page views, feature usage, and AI generation metrics. When you are signed in, PostHog also receives your name and email address so we can associate events with your account. See our Privacy Policy for details. | Up to 1 year |
| (Vercel analytics cookies, if any) | Cookie | Vercel | Session attribution for page-view analytics. No user identity. | Session |
Analytics scripts loaded:
| Script | Loaded how | What it does |
|---|---|---|
PostHog SDK (posthog-js) | Bundled with the app; requests proxied via /ingest on our domain | Page views, interaction events, session replay (text masked). Sends name + email when signed in. |
Vercel Speed Insights (@vercel/speed-insights) | Bundled with the app | Measures Core Web Vitals (LCP, FID, CLS). No user identity, no PII. Always active in production. |
Vercel Analytics (@vercel/analytics) | Bundled with the app | Counts page views and unique visitors. No user identity. Always active in production. |
| Cloudflare Web Analytics beacon | External script from static.cloudflareinsights.com | Page views and performance data. No user identity. Active only if the NEXT_PUBLIC_CF_ANALYTICS_TOKEN environment variable is set. |
Legal basis (US): Legitimate interest in improving the product. No US federal law requires consent for analytics cookies in B2B SaaS. See Consent Approach section for details and conditions under which consent becomes required.
Legal basis (EU, if applicable): Consent required for ph_* and Vercel analytics cookies under GDPR Article 6(1)(a) and the ePrivacy Directive. See Consent Approach.
What we do NOT use
- Advertising or retargeting cookies. Anchor does not use advertising networks, remarketing pixels, or cross-site tracking.
- Social login buttons. No Facebook, Google, or Apple login widgets load on any Anchor page.
- Third-party chat or support widgets. No Intercom, Zendesk, or similar trackers.
- Email tracking pixels. Anchor does not currently embed open-tracking pixels or click-tracking links in transactional notification emails. If email tracking is introduced in the future, it will use Anchor's own domain with no cross-site data sharing. This policy will be updated before that feature is activated.
Browser localStorage and sessionStorage
| Key | Purpose | Set by |
|---|---|---|
anchor-theme | Stores theme preference as a fallback to prevent flash of unstyled content (FOUC) | Anchor layout script |
| PostHog distinct ID, session data | PostHog SDK stores its analytics state here | PostHog SDK |
| Clerk session state | Clerk may cache session information in localStorage in some browser configurations | Clerk JS SDK |
No sensitive data is intentionally stored in localStorage. Incident content, debrief transcripts, and other Customer Data are never written to browser storage.
How to control cookies
Browser settings
All major browsers allow you to view, block, and delete cookies. Instructions vary by browser:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
Blocking strictly necessary cookies will prevent you from signing in or using core features.
PostHog opt-out
If you want to opt out of PostHog analytics specifically, you can use your browser's "Do Not Track" setting. PostHog honors DNT in its default configuration. You may also contact us at [privacy@safetyharmonics.com] and we will suppress your data from PostHog processing.
localStorage
You can clear localStorage at any time through your browser's developer tools (Application → Local Storage) or by clearing site data in browser settings. This will reset your theme preference and require PostHog to assign a new anonymous session ID on your next visit.
Updates to this policy
We will update this policy when our cookie and tracking footprint changes materially — for example, when new vendors are added, when analytics features are changed, or when legal requirements change. Material changes will be noted with a version number and revised effective date. We will not reduce your rights under this policy without notice.
Contact
Safety Harmonics, Inc. [privacy@safetyharmonics.com] [Mailing address — to be added before launch]