Cookie Statement

What is a cookie?

Cookies are small files stored on your device by your browser. We and our service providers use cookies — along with related browser storage like localStorage and sessionStorage — to operate the portal, remember your preferences, and understand how the portal is used.

Categories we use

Strictly necessary

Required for the portal to function. Disabling these will prevent sign-in and breaks core features.

• Supabase authentication and session cookies
• CSRF protection tokens
• Active business-account selection (the "active_account_id" cookie used by the multi-account switcher)

Preference

Remember your chosen settings between sessions.

• Theme (light / dark)
• Display density
• Dismissed notices and onboarding state

Analytics

Help us understand portal usage so we can improve the product.

• Google Analytics 4 (page-level traffic). Provider: Google LLC. The portal uses the standard GA4 cookies (_ga, _ga_*).
• PostHog (planned, product analytics). Provider: PostHog Inc., EU instance. Where deployed, PostHog will set a first-party cookie / browser-storage entry to identify your session.

Where required by applicable law (e.g. EU GDPR), analytics cookies are gated behind your consent and will not be set unless you opt in.

Managing cookies

You can change your analytics cookie choice at any time:

You can also manage cookies through your browser settings. Most browsers let you block, delete, or be notified about cookies. Note that blocking the strictly-necessary category will break sign-in and account switching.

For Google Analytics specifically, you can install the GA Opt-out Browser Add-on to prevent your visits being included in GA reports.

More information

Full details about what we collect and why live in our Privacy Policy. Questions can be sent to support@hilltops.app.