1. What is a cookie?
A cookie is a small text file a website asks your browser to store. Browsers also offer related storage mechanisms — localStorage, sessionStorage, IndexedDB — which we use the same way. Throughout this policy we refer to all of them as "cookies" for simplicity.
2. Categories of cookies we use
Strictly necessary. These are required for the Service to work — primarily authentication (Supabase session cookies), CSRF protection, and the active workspace identifier. You cannot disable them without breaking the app.
Preferences. Things like your theme choice, sidebar collapsed state, dashboard filters, and the most recently selected agent. Stored locally in your browser; never sent to anyone.
Performance & errors. We use Sentry to detect and diagnose product errors, and Vercel Analytics for aggregate page-view counts. Both run on a privacy-respecting configuration: no cross-site tracking, no IP fingerprinting beyond what browsers send by default, and no user-level profiling.
Billing. Stripe sets cookies on its hosted checkout and customer-portal pages to prevent fraud and remember your payment method. These are governed by Stripe's cookie settings.
3. Cookies we do NOT use
No third-party advertising or marketing trackers.
No cross-site retargeting pixels.
No data brokers, ad networks, or device-fingerprinting SDKs.
4. Third-party services
When your agents call third-party tools you've connected (Gmail, Slack, Stripe, Salesforce, etc.), the third party may set its own cookies in its own UI flows — for example, on its OAuth consent screen. Those cookies are governed by the third party's policies, not this one.
5. How to control cookies
You can clear cookies and local storage at any time using your browser settings. Doing so will sign you out of Ghostbase; the rest of the Service continues to work normally.
Most browsers also let you block cookies from specific sites or all sites. If you block strictly-necessary cookies for ghostbase.io, the application won't load — there's no cookie-free version of the dashboard.
6. Do Not Track
We honour the DNT request header on the public landing page by suppressing performance analytics for that request. Strictly-necessary cookies still apply when you're signed in, since the Service can't authenticate you without them.
7. Changes
We'll update this policy if our cookie usage changes materially. The "Effective" date at the top of the page always reflects the current version.
8. Contact
Questions? Email support@ghostbase.ai.