Estavo uses cookies and browser localStorage for two purposes: to keep you logged in, and to understand how the product is used. We do not use advertising cookies, tracking pixels, or third-party marketing cookies of any kind. This policy applies to the Estavo web app. The Android and iOS mobile apps use device-based token storage, not browser cookies.
1. What Is a Cookie?
A cookie is a small text file that a website stores on your device when you visit. Cookies allow websites to remember your session, preferences, or behavior across page loads and visits.
We also use localStorage — a browser storage mechanism that functions similarly to cookies but is not transmitted with HTTP requests. We use localStorage for analytics session continuity (PostHog).
2. Cookies We Use
Strictly Necessary — Cannot be disabled
These cookies are required for Estavo to function. Without them, you cannot stay logged in.
Analytics — Can be disabled
These cookies and localStorage keys are set by PostHog to track product usage and session continuity in analytics. They help us understand which features are used and where the product needs improvement.
| Cookie / Key | Purpose | Expires |
|---|---|---|
| ph_[key]_posthog | PostHog localStorage key. Stores an anonymous distinct ID used to correlate events within a session and across return visits. Does not store your name, email, or any personally identifiable information. | 1 year (localStorage) |
| ph_[key]_window_id | PostHog localStorage key. Identifies the current browser window to correlate events within a single session. | Session (localStorage) |
3. Session Recording
PostHog also records sessions — mouse movement, clicks, scrolling, and page navigation — to help us identify usability problems and bugs. This is a form of analytics, not surveillance.
What is never captured in recordings:
- Text typed into any input field
- Passwords, financial figures, door codes, guest names
- File contents or file names
All input fields are masked at the PostHog SDK level before any data leaves your browser. Masked fields appear as asterisks in recordings.
4. No Advertising Cookies
Estavo does not use advertising cookies, retargeting pixels, social media tracking pixels, or any third-party marketing technology. There are no Facebook Pixel, Google Ads, LinkedIn Insight Tag, or similar trackers on any Estavo page.
5. How to Control Cookies
Opt out of session recording (in-app):
Go to Settings → Account → Privacy → Disable session recording. This stops PostHog from recording your sessions. Analytics events (page views, feature usage counts) continue independently.
Browser cookie controls:
You can delete or block cookies through your browser settings. Note: blocking strictly necessary cookies (Better Auth session token) will prevent you from staying logged in.
- Chrome: Settings → Privacy → Cookies
- Firefox: Preferences → Privacy
- Safari: Preferences → Privacy
Block PostHog specifically:
You can use a content blocker (uBlock Origin, Privacy Badger, etc.) to block requests to app.posthog.com or eu.posthog.com. This prevents all PostHog analytics and session recording without affecting your ability to use Estavo.
6. Mobile App
The Estavo Android and iOS apps do not use browser cookies. Session authentication is managed via encrypted tokens stored in the device's secure storage. The PostHog SDK in the mobile app uses device storage (not browser storage) for analytics continuity, and all the same input-masking rules apply.
7. Changes to This Policy
If we add new cookies or tracking technologies, we will update this policy before deploying them and, where required, seek your consent. The "last updated" date at the top reflects the most recent change.
8. Contact
Questions about our use of cookies: support@estavo.net