Cookie Policy

Last updated: 15 April 2026

1. What this page covers

This page lists the cookies and browser-storage keys that GSC Wizard sets, what each one does, whether it is strictly necessary, and how long it persists. It is a companion to the Privacy Policy.

2. Strictly necessary

These are required for the service to work. They are always set and cannot be disabled via the consent banner. Declining non-essential cookies does not affect them.

  • sb-<project>-auth-token - HTTP-only Supabase session cookie that keeps you signed in. Expires when the session expires or you sign out.
  • oauth_link_state - short-lived HTTP-only cookie used as a CSRF token while linking a Google account. Removed immediately after the OAuth callback.
  • gscwizard_cookie_consent (localStorage) - remembers your choice on the consent banner so we don't prompt you again. Value is accepted or declined.

3. Analytics (optional)

Set only if you click Accept on the cookie banner. You can withdraw consent at any time by clearing the gscwizard_cookie_consent key or by using your browser's site-data tools.

  • PostHog cookies (prefixed ph_) - anonymous distinct-id, session id, and feature-flag state used by PostHog to deduplicate events and reproduce bugs. Persists up to 1 year.

On the marketing site (before sign-in) PostHog runs in cookieless, opt-out-by-default mode, so no analytics cookies are set at all until you accept the banner.

4. Functional (set by sub-processors)

  • Stripe may set fraud-prevention cookies on the checkout page (__stripe_mid, __stripe_sid). These are required for payment pages to function.
  • Vercel may set a short-lived load-balancer cookie to route your request consistently within a session.

5. What we do not use

  • No advertising or retargeting cookies.
  • No third-party social-media pixels.
  • No cross-site tracking beyond the sub-processors above.

6. Managing your choices

You can use the consent banner the first time you visit, or clear the gscwizard_cookie_consent key in your browser to be prompted again. All modern browsers also let you block or delete cookies on a per-site basis from their settings.

7. Contact

Questions about cookies:

[email protected]