Cookie Policy
Last updated: June 9, 2026
This Cookie Policy explains how SaasDash.ai uses cookies and similar tracking technologies (browser localStorage and sessionStorage). It should be read alongside our Privacy Policy.
1. What is a cookie?
A cookie is a small text file that a website asks your browser to store on your device. We also use localStorage and sessionStorage, which are similar key-value stores in your browser. We refer to all three as "cookies" throughout this page for simplicity.
2. Categories we use
We group cookies into three categories. Strictly necessary cookies are set whenever needed. Analytics and marketing cookies are set only after you opt in through our cookie consent banner.
Strictly necessary (always on)
| Name | Provider | Purpose | Duration |
|---|---|---|---|
next-auth.session-token / __Secure-next-auth.session-token | SaasDash (NextAuth.js) | Keeps you signed in across requests | Session (30 days max) |
next-auth.csrf-token | SaasDash (NextAuth.js) | Cross-site request forgery protection on auth endpoints | Session |
next-auth.callback-url | SaasDash (NextAuth.js) | Remembers where to send you after sign-in | Session |
saasdash_ref | SaasDash | Stores an affiliate referral code when you arrive via ?ref=CODE so commissions can be attributed if you later subscribe | 90 days |
cookie-consent-v2 (localStorage) | SaasDash | Remembers your cookie consent choices | 12 months |
saasdash-vh (sessionStorage) | SaasDash | Pseudonymous visitor ID used to deduplicate conversion events between the browser and our server | Per browser tab session |
Analytics (set only after consent)
| Name | Provider | Purpose | Duration |
|---|---|---|---|
ph_*_posthog (localStorage) and ph_* cookies | PostHog | Pseudonymous user ID, session ID, feature-flag cache. Used to count events and feature usage. Session recording is disabled. | Up to 12 months |
_ga | Google Analytics 4 | Distinguishes unique users | 2 years |
_ga_<CONTAINER-ID> | Google Analytics 4 | Persists session state for GA4 | 2 years |
Before you give analytics consent, PostHog runs in a cookieless, memory-only mode and does not create person profiles. Google Analytics 4 is not loaded at all until consent is given.
Marketing (set only after consent)
| Name | Provider | Purpose | Duration |
|---|---|---|---|
_fbp | Meta (Facebook Pixel) | First-party cookie used by the Meta Pixel to identify a browser for ad-conversion attribution. Currently stripped server-side after each event as a privacy hardening measure — see note below. | Up to 90 days when set |
_fbc | Meta (Facebook Pixel) | Stores the click ID (fbclid) of the Meta ad that brought you to the site. Stripped server-side after each event, as above. | Up to 90 days when set |
Note on Meta cookies: Even with marketing consent, we currently strip the _fbp and _fbc cookies after each event to minimize cross-site tracking. Attribution still works because we use the Meta Conversions API with deduplication via a server-issued event ID — see our Sub-processors page for details.
3. How to change your choices
- In SaasDash: click "Cookie settings" in the website footer to reopen the consent banner and update your analytics and marketing toggles. Your choice takes effect immediately.
- In your browser: you can delete or block cookies through your browser settings. Blocking strictly necessary cookies will prevent you from signing in.
- Do Not Track: we recognize the DNT header as a signal of your preference, but the DNT specification is not consistently defined across browsers, so we do not treat it as a binding consent withdrawal. Use the cookie settings control to make your preference unambiguous.
- Global Privacy Control (GPC): we are working to honor GPC as a valid opt-out signal for advertising. Until that is live, please use the cookie banner or email privacy@saasdash.ai.
4. California "sharing" opt-out
California residents can read about — and opt out of — our CPRA-defined "sharing" of personal information for cross-context behavioral advertising on the Do Not Sell or Share My Personal Information page.
5. Contact
For questions about this Cookie Policy, contact privacy@saasdash.ai.