What we use
This page lists every cookie ReplyLabs sets on your device, organized by category. For our broader privacy practices, see our Privacy Policy. To change your cookie preferences, click "Cookie preferences" in the footer of any page or visit Settings → Privacy when signed in.
Strictly necessary cookies
These cookies are required for the service to function. They cannot be disabled and are not subject to the cookie banner.
| Cookie name | Purpose | Lifetime | Set by |
|---|---|---|---|
sb-<project>-auth-token | Authentication session (JWT) | ~1 hour (access) / longer (refresh) | Supabase (HttpOnly, Secure) |
sb-<project>-auth-token-code-verifier | OAuth PKCE code verifier during sign-in | Session | Supabase (HttpOnly) |
replylabs.consent | Remembers your cookie banner decision (Accept or Decline) so we don't re-prompt on every page | 180 days | ReplyLabs (Secure in production, SameSite=Lax) |
Analytics cookies
These cookies are only set if you accept the cookie banner. If you decline, we do not load PostHog at all and no analytics cookies are written.
| Cookie name | Purpose | Lifetime | Set by |
|---|---|---|---|
ph_<token>_posthog | Anonymous identifier and session metadata | 1 year | PostHog |
ph_<token>_posthog_disabled | Records opt-out so PostHog stops capturing | 1 year | PostHog (only set after decline) |
Cookies we don't use
We do not use advertising cookies, tracking pixels, or marketing cookies. We do not sell your data to advertisers. The only third-party scripts that touch your browser are PostHog (analytics, with consent) and Sentry (error reporting, no session replay, no personal identifiers per our Privacy Policy §2.2).
Other storage technologies
When you accept the cookie banner, PostHog also writes a small amount of data to your browser's localStorage alongside the cookies above. Under the UK PECR and EU ePrivacy Directive, browser localStorage is treated identically to cookies, so it falls under the same consent gate. Sentry writes transient error breadcrumbs to sessionStorage for in-page debugging context; this storage is cleared automatically when the tab is closed and contains no personal identifiers.
ReplyLabs records your cookie banner decision in two places: the replylabs.consent cookie listed above, and a mirror copy in your browser's localStorage under the key replylabs.consent.v1. The cookie is the primary store and is what makes the banner stay hidden after you decide; the localStorage copy is a fallback for browsers that block first-party cookies. Both contain the same information (Accept/Decline + timestamp + policy version) and no personal identifiers.
Changes to this list
We will update this list when the cookies we set change. The Last Updated date at the top of this page reflects the most recent revision. If a change introduces a new cookie that requires consent, we will bump our Privacy Policy version, which causes the cookie banner to re-prompt automatically so you can make a fresh decision against the new disclosure.
Questions
For any questions about cookies or this list, email privacy@replylabs.io.