Cookie Policy
Last updated: May 17, 2026
This Cookie Policy explains how Security Stack ("Company," "we," "us," and "our") uses cookies and similar technologies when you visit our website at https://securitystack.app ("Website"). It explains what these technologies are and why we use them, as well as your rights to control our use of them.
What are cookies?
Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.
Cookies set by the website owner (in this case, Security Stack) are called "first-party cookies." All cookies we set are first-party cookies — they are set on the securitystack.app domain and cannot track you across other websites. We use strictly necessary cookies for authentication and security, and one analytics cookie to understand how visitors use our Website. We do not use third-party cookies or advertising cookies.
Why do we use cookies?
We use cookies for two purposes:
Strictly necessary: To enable core functionality — authentication, session management, and security. The Website cannot function properly without these cookies.
Analytics: To understand how visitors interact with our Website so we can improve it. These cookies are set only with your consent where required by law.
What cookies do we use?
The following cookies are set by Security Stack when you use the Website:
Strictly necessary cookies
These cookies are essential to provide you with services available through our Website. Because they are strictly necessary, they cannot be disabled without breaking the service.
| Name | Purpose | Provider | Type | Expires |
|---|---|---|---|---|
| sb-[ref]-auth-token | Stores your authentication session token. Keeps you logged in. Cleared when you sign out or your session expires. | securitystack.app | First-party, HTTP cookie | Session |
| sb-[ref]-auth-token-code-verifier | Security value used during the login process (PKCE flow). Automatically cleared after sign-in completes. | securitystack.app | First-party, HTTP cookie | Short-lived, auto-cleared |
| ss_csrf | Protects against cross-site request forgery attacks on form submissions. A standard web security measure. | securitystack.app | First-party, HttpOnly cookie | Session |
Analytics cookies
These cookies help us understand how visitors interact with our Website. They are set only after you have given consent where required by applicable law (including EU and UK GDPR). We use PostHog, an analytics platform whose data is stored in the European Union.
| Name | Purpose | Provider | Type | Expires |
|---|---|---|---|---|
| ph_* (e.g. ph_eu_phc_[key]_posthog) | Assigns an anonymous identifier to recognise you as a returning visitor. Used to measure page views, feature usage, and navigation flows. Also caches feature flag values to avoid loading delays. No name, email, or directly identifying information is stored in this cookie. | PostHog (posthog.com) — EU Cloud | First-party HTTP cookie | 1 year |
PostHog also uses browser localStorage (not a cookie) to store session identifiers and cached feature flag data. This stays on your device and uses the same anonymous identifier as the cookie above.
What about local storage?
We also use your browser's local storage to remember your sidebar preference (whether the dashboard sidebar is expanded or collapsed). This data is stored only on your device and is never transmitted to our servers. It is not a cookie and does not identify you. We also use localStorage for PostHog analytics session data, as described in the analytics cookies section above.
Do you use analytics cookies?
Yes. We use PostHog, a product analytics platform, to understand how visitors use our Website. PostHog collects anonymised behavioural data — including page views, clicks, search queries, and feature interactions — to help us identify what's working and what to improve.
PostHog is operated by PostHog, Inc. Data is processed and stored on PostHog's EU cloud infrastructure (European Union). PostHog acts as a data processor on our behalf under a Data Processing Agreement that incorporates the European Commission's Standard Contractual Clauses. PostHog does not use your data for its own purposes or share it with advertising networks. You can read PostHog's privacy policy at https://posthog.com/privacy.
We do not use Google Analytics, Meta Pixel, or any advertising or ad-targeting technology.
How can I control cookies?
Strictly necessary cookies are set automatically when you use the service. These cannot be disabled without breaking core functionality such as login.
Analytics cookies (PostHog): if you are visiting from the EU, UK, EEA, or Switzerland, a cookie preference banner is shown on your first visit and analytics will only run if you accept. If you are visiting from other regions, analytics is enabled by default. You can change your preference at any time by clicking "Cookie Preferences" in the footer of any page, or by contacting us at privacy@securitystack.app.
You can also clear all cookies at any time through your browser settings. Clearing cookies will sign you out of your account and reset your analytics identifier.
For information on how to manage cookies in your browser, please visit your browser's help documentation:
How often will you update this Cookie Policy?
We may update this Cookie Policy from time to time to reflect changes to the cookies we use. If we introduce any non-essential cookies in the future, we will update this policy and implement an appropriate consent mechanism before doing so. The date at the top of this page indicates when it was last updated.
Where can I get further information?
If you have any questions about our use of cookies, please contact us at privacy@securitystack.app.