Legal

Cookie Policy

Effective Date: April 8, 2026

This Cookie Policy explains how Cohortly Inc. ("Cohortly", "we", "us", or "our") uses cookies and similar technologies when you visit our marketing website at cohortly.app and when you use the Cohortly web application. This policy should be read alongside our Privacy Policy.

1. What Are Cookies?

Cookies are small text files placed on your device (computer, tablet, or mobile) by a website when you visit it. They are widely used to make websites work efficiently, remember your preferences, and provide information to site owners. Cookies set by the website operator are called "first-party cookies"; cookies set by other parties are called "third-party cookies".

In addition to cookies, we use localStorage — a browser-based storage mechanism — to persist certain application state. Unlike cookies, localStorage data is never sent to our servers automatically; it lives only in your browser. The data stored in localStorage is listed in the cookie table below where relevant.

2. Why We Use Cookies

We use cookies and localStorage for the following purposes:

Essential

Required for the platform to function. These include authentication tokens that keep you logged in and security tokens that protect against CSRF attacks. These cannot be disabled.

Functional

Enable enhanced features and personalisation — such as remembering your dark/light mode preference, your inbox state, and saved dashboard views. Disabling these may affect your experience.

Analytics

Help us understand how users interact with Cohortly in aggregate so we can improve the product. We use Google Analytics (GA4) with IP anonymisation enabled.

Third-Party

Set by our billing partner (Lemon Squeezy) when you visit the checkout or customer portal. These are governed by Lemon Squeezy's own cookie policy.

3. Cookies We Use

The table below lists the specific cookies and localStorage keys used by Cohortly and its third-party services.

Name	Provider	Purpose	Duration	Type
sb-access-token	Supabase / Cohortly	Stores your authenticated session token so you stay logged in across page loads.	Session / 1 hour	Essential
sb-refresh-token	Supabase / Cohortly	Long-lived token used to silently refresh your session without requiring re-authentication.	60 days	Essential
__Host-next-auth.csrf-token	Cohortly	Cross-Site Request Forgery (CSRF) protection token issued by Next.js for secure form submissions.	Session	Essential
next-auth.callback-url	Cohortly	Stores the URL to redirect you to after completing OAuth authentication (e.g., Google sign-in).	Session	Essential
cohortly_theme	Cohortly	Remembers your preferred appearance setting (Light or Dark mode) between sessions.	1 year	Functional
cohortly_inbox_[userId]	Cohortly (localStorage)	Persists your inbox state — which items are read, archived, starred, or deleted — locally in your browser.	Persistent (localStorage)	Functional
cohortly_saved_views	Cohortly (localStorage)	Stores your saved dashboard filter views (e.g., 'Top 20 Candidates') for one-click recall.	Persistent (localStorage)	Functional
cohortly_apply_draft_[slug]	Cohortly (localStorage)	Saves an applicant's in-progress form responses so they can return and complete their application later.	Persistent (localStorage) — cleared on submission	Functional
_ga	Google Analytics	Distinguishes unique users for aggregate usage analytics. Used to understand which features are most used and how users navigate the platform.	2 years	Analytics
_ga_[ID]	Google Analytics	Maintains session state for Google Analytics 4 (GA4) measurement.	2 years	Analytics
__lemon_squeezy_session	Lemon Squeezy	Maintains your session on the Lemon Squeezy checkout and customer billing portal.	Session	Third-Party

4. Your Choices & How to Manage Cookies

Essential cookies cannot be disabled as they are strictly necessary for the Cohortly platform to function. Without them, you will not be able to log in or use the application.

For all other cookie categories, you have the following options:

Browser Settings

Most browsers allow you to view, manage, and delete cookies through their settings. Look for a "Privacy & Security" or "Cookies and Site Data" section in your browser preferences. Note that deleting cookies will log you out of Cohortly.

Google Analytics Opt-Out

You can prevent Google Analytics from collecting your data by installing the Google Analytics Opt-out Browser Add-on, available at tools.google.com/dlpage/gaoptout.

LocalStorage

You can clear localStorage data via your browser's developer tools (Application → Local Storage → cohortly.app → Clear All). This will reset your inbox state, saved views, and theme preference.

Do Not Track

If your browser sends a "Do Not Track" (DNT) signal, we will endeavour to honour it by disabling non-essential analytics tracking for your session.

5. Cookie Updates

As Cohortly evolves, we may introduce new features that set additional cookies or localStorage entries. We will update this Cookie Policy accordingly and revise the effective date at the top of the page. For changes that materially expand our use of tracking technologies, we will notify you via in-app notice or email.

6. Contact

If you have any questions about this Cookie Policy or how we handle your data, please contact us at cohortlyapp@gmail.com.

Questions? cohortlyapp@gmail.com

Terms & Privacy|Support