Skip to main content
    TTTrepeat

    Last updated: 2026-06-12

    Cookie Policy

    This Cookie Policy explains how Trepeat uses cookies and similar browser-storage technologies on trepeat.com and app.trepeat.com. Our approach is intentionally minimal — strictly necessary cookies to operate the Service, plus privacy-friendly analytics that run only with your consent.

    1. What Are Cookies?

    Cookies are small text files placed on your device by websites you visit. They are widely used to make websites work, or work more efficiently, and to provide information to the site operator.

    2. Cookies We Set

    Strictly necessary cookies — the Service sets no first-party sign-in cookie. Your authenticated session (a short-lived JWT plus a refresh token) is held in your browser's localStorage / sessionStorage, not a cookie — see Browser Storage (§4) below. It is cleared on logout.

    Analytics cookies — set only with your consent. If you accept analytics in the consent banner, our product-analytics provider PostHog (EU region, hosted in Frankfurt, Germany) sets first-party cookies to recognise your browser across pages and measure how the product is used. IP addresses are anonymised at ingest and session recording is disabled. Until you accept, none of these cookies are set and nothing is captured.

    Under the GDPR ePrivacy regime, strictly necessary cookies do not require prior consent; analytics cookies do, which is why they are off until you opt in.

    NameTypePurposeRetention
    sb-<ref>-auth-tokenlocalStorage (first-party, strictly necessary)Keeps you signed in (Supabase session + refresh token)Until logout
    trepeat:cookie-consentlocalStorage (first-party, strictly necessary)Remembers your cookie-consent choiceUntil cleared / re-prompted on policy change
    tc-themelocalStorage (first-party, strictly necessary)Remembers your theme preferenceUntil cleared
    ph_<key>_posthog (and related)Cookie (first-party, analytics — consent-gated)PostHog product analytics; set only after you acceptUp to 12 months

    3. Your Consent Choice

    On your first visit you will see a consent banner with two equal-prominence choices — Accept or Reject. Analytics is disabled by default, so until you accept, no analytics cookie is set and no usage is captured. We also honour your browser's Do Not Track signal. You can change or withdraw your choice at any time — as easily as you gave it — via the Cookie Preferences link in the site footer. Your choice is remembered until you clear it and is re-requested if this policy materially changes, so your consent stays current.

    4. Browser Storage (Not Cookies)

    We use localStorage and sessionStorage — browser-storage APIs distinct from cookies — to keep you signed in (your Supabase session token, sent as your authentication credential on requests to the Service and its backend) and to remember your theme preference and your cookie-consent choice between visits. Your theme and consent choices stay on your device and are never transmitted; none of this is shared with advertisers or data brokers.

    5. What We Do Not Use

    Even with analytics enabled, we do not use any of the following on trepeat.com or app.trepeat.com:

    • Advertising or marketing cookies.
    • Re-targeting pixels (Facebook, LinkedIn, Twitter, TikTok, etc.).
    • Cross-site tracking, fingerprinting, or behavioural profiling.
    • Third-party tag managers (Google Tag Manager, Segment, etc.).
    • Selling or sharing your personal data with data brokers.

    6. Third-Party Pages

    Some workflows redirect you to third-party services that may set their own cookies subject to their own policies — for example, the Stripe Checkout page when you start a subscription. Refer to stripe.com/cookies-policy for details.

    7. Managing Cookies

    Withdraw or change your analytics consent at any time via the Cookie Preferences link in the footer. You can also clear or block cookies through your browser settings. Because your sign-in session lives in site storage (not a cookie), clearing or blocking localStorage / sessionStorage for app.trepeat.com will sign you out of the Service and also reset your theme preference and consent choice (you will be asked again on the next visit).

    8. Changes to This Policy

    We may update this Policy from time to time. When we make a material change we will revise the “Last updated” date above and notify registered users by email before the change takes effect. Continued use of Trepeat after the effective date constitutes acceptance of the revised Policy. If we introduce any new non-essential cookie, we will update this page and, where consent is required, ask for it through the consent banner before the cookie is set.

    9. Contact

    For the full detail of who processes your data and how, see our Privacy Policy and Subprocessors list. Cookie questions: support@trepeat.com.

    We use privacy-friendly product analytics (PostHog, EU-hosted, IP-anonymised) to understand how Trepeat is used. Essential cookies for sign-in are always on. You can change this anytime. Cookie Policy