Cookie Policy
Cookie Policy
Effective: May 1, 2026 · Version: 2026.05.01-1
This Cookie Policy explains how OfiFlow uses cookies and similar tracking technologies on ofiflow.com and the OfiFlow dashboard (the "Sites"). It supplements our Privacy Policy at /privacy.
If you have questions, email legal@ofiflow.com.
1. What is a cookie?
A cookie is a small text file stored on your device when you visit a website. Cookies allow the site to recognize your device, remember your preferences, and provide a personalized experience.
We also use localStorage (a similar browser-storage mechanism) for some preferences. For simplicity, this Policy refers to both as "cookies."
2. Categories of cookies we use
OfiFlow uses two categories of cookies:
Essential cookies (always on)
These cookies are required for the Sites to function. You cannot disable them via our cookie banner, but you can disable cookies entirely in your browser (which may break the Sites).
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
sb-access-token |
Authentication session for the OfiFlow dashboard | Session (cleared on logout) | Supabase Auth |
sb-refresh-token |
Token refresh for authenticated dashboard sessions | 30 days from last login | Supabase Auth |
csrf-token |
Cross-site request forgery protection | Session | OfiFlow |
ofiflow_cookie_consent_v1 |
Stores your cookie-consent choice | 365 days | OfiFlow (localStorage) |
Analytics cookies (opt-in)
We use Vercel Analytics for anonymous Web Vitals + page-view telemetry. Vercel Analytics is cookieless — it does not set browser cookies and does not require consent under ePrivacy regimes. We do not use any analytics or advertising cookies.
(Previously this section listed ph_*_posthog analytics cookies. PostHog was retired 2026-04-29 per ADR-019 amendment; Vercel Analytics, bundled with our Vercel Pro plan, replaces it without requiring cookies.)
We do not use:
- Advertising cookies
- Cross-context behavioral advertising trackers
- Third-party advertising SDKs (Google Ads, Meta Pixel, etc.)
- Session replay tools
- Heatmap or visitor-recording tools
3. Your choices
When you first visit ofiflow.com, a cookie banner asks you to choose:
- Accept all — enables both essential and analytics cookies.
- Essential only — enables only the cookies required for the Sites to function. Analytics cookies are blocked.
You can change your choice anytime by clicking "Cookie settings" in the site footer or visiting this page and using the controls below.
You can also disable cookies in your browser settings. Note that disabling essential cookies will break authentication and the dashboard will not function.
Browser-level controls
- Chrome: Settings → Privacy and security → Cookies and other site data
- Safari: Preferences → Privacy → Manage Website Data
- Firefox: Preferences → Privacy & Security → Cookies and Site Data
- Edge: Settings → Cookies and site permissions → Cookies and site data
Do Not Track
We honor browser "Do Not Track" signals where reasonably practical. If your browser sends a Do Not Track signal, we will not enable analytics cookies until you explicitly opt in via the cookie banner.
4. Updates to this Policy
We will update this Policy if we add, change, or remove cookies. The "Effective" date and "Version" at the top reflect the most recent update. For material changes, we will re-prompt you via the cookie banner.
5. Contact
Questions about cookies: legal@ofiflow.com
6. Related documents
- Privacy Policy — /privacy
- Terms of Service — /terms
- Subprocessor List — /subprocessors (Vercel covers our analytics processing under the same Vercel DPA as our hosting subprocessor)