Legal
Cookie Policy
Cookies and similar technologies used by the TrueClara website, dashboard, and runtime SDK.
Last updated: June 1, 2026
Summary
The TrueClara web runtime SDK is designed not to set cookies and not to write localStorage. The React Native/Expo SDK uses an on-device SQLite queue for delivery reliability and does not use it for advertising or cross-app tracking. The TrueClara website and dashboard use limited cookies and similar technologies for authentication, security, preferences, and diagnostics. Dashboard product analytics runs cookieless (in-memory only, no cookies or browser storage). We do not use advertising cookies, retargeting pixels, or cross-context behavioral advertising.
1. What this policy covers
This policy covers cookies and similar technologies such as localStorage, sessionStorage, pixels, and browser storage used by:
trueclara.com;- the TrueClara dashboard;
- public observation links; and
- the TrueClara web and mobile runtime SDKs.
2. Runtime SDKs
The web runtime SDK is designed to operate without setting cookies and without writing localStorage.
In aggregate mode, the web runtime SDK does not store tab IDs or client-persisted identifiers.
If analytics mode is enabled after appropriate opt-in, the SDK may store an analytics override in sessionStorage and the ingestion edge may derive a daily salted session hash that resets every 24 hours. SessionStorage is cleared by the browser when the session ends.
The React Native/Expo SDK does not use browser cookies, localStorage, or sessionStorage. It may store queued mobile funnel events in an on-device SQLite queue so events can flush after backgrounding, process restarts, or temporary offline periods. The queue is used for delivery reliability, not advertising, retargeting, cross-app tracking, or sale/share of personal information.
3. Strictly necessary technologies
These are required for the website, dashboard, security, or account access.
| Technology | Provider | Purpose | Typical duration |
|---|---|---|---|
| Authentication/session cookies | Supabase / TrueClara | Keeps dashboard users logged in and protects authenticated routes | Session or configured account duration |
| CSRF/security tokens | TrueClara | Helps prevent cross-site request forgery and abuse | Session |
__cf_bm and related security cookies | Cloudflare | Bot management, DDoS protection, abuse prevention | Typically short-lived |
| Load-balancing or edge-routing cookies | Cloudflare / Vercel | Routes traffic and maintains Service reliability | Session or short-lived |
You cannot disable strictly necessary cookies through our banner because the Service may not work without them.
4. Preference technologies
| Technology | Purpose | Typical duration |
|---|---|---|
| Dashboard theme/layout preferences | Remembers UI preferences | Until deleted or reset |
| Workspace/project UI state | Remembers recent workspace, filters, and interface state | Until deleted or reset |
5. Analytics and diagnostics
| Provider | Purpose | Scope | Typical duration |
|---|---|---|---|
| PostHog | Dashboard product analytics, feature usage, funnel analysis | TrueClara dashboard only; not customer monitored applications | Cookieless — held in memory for the page session only; no cookies or persistent browser storage |
| Channel.io | Live chat and support widget; loaded to provide live chat support and sets its own cookies to remember conversation state and visitor context | Website and dashboard; not gated on consent; not used for advertising | Set by Channel.io; persists per its retention until cleared |
| Sentry | Error monitoring and performance diagnostics | Website and dashboard; not used for advertising | Session or event-based |
| TrueClara internal logs | Security, abuse prevention, reliability | Website, dashboard, APIs, ingestion | Server-side retention described in the Privacy Policy |
We do not run PostHog on customer applications through the TrueClara runtime SDKs.
6. Public observation links
Public observation links may use strictly necessary security and delivery technologies, including Cloudflare and Vercel edge infrastructure. They are not intended to use advertising cookies.
7. What we do not use
We do not use:
- third-party advertising cookies;
- retargeting pixels;
- social-media advertising pixels;
- cross-context behavioral advertising identifiers;
- SDK-set cookies in customer monitored applications;
- mobile SDK storage for advertising or cross-app tracking; or
- fingerprinting for advertising.
8. Your choices
You can block or delete cookies through your browser. Blocking strictly necessary cookies may break login, dashboard access, security protections, or public-link functionality.
Analytics runs cookieless, so we do not show a cookie banner for it. You can control or clear cookies through your browser settings, send a Global Privacy Control signal (honored where required by law), or contact privacy@trueclara.com.
We honor Global Privacy Control (GPC) signals where required by applicable law. We do not respond to browser “Do Not Track” signals because there is no consistent legal standard for them.
9. Changes
We may update this Cookie Policy when our technology or legal obligations change. Material changes will be notified as described in the Privacy Policy.
10. Contact
Privacy: privacy@trueclara.com
Legal: legal@trueclara.com
trueclara.com