01 Strictly necessary
These cookies are required for the product to function. Authentication, billing checkout, consent persistence, and theme settings cannot be disabled without breaking core features.
| Cookie | Purpose | Expiry | Flags |
|---|---|---|---|
| gba_rt | Refresh token for authenticated sessions. | 30 days | HttpOnly, Secure, SameSite=Lax |
| gba_signed_in | Client-visible flag indicating an active session. | 30 days | Secure, SameSite=Lax |
| __stripe_mid | Stripe checkout machine identifier. | 1 year | Secure, SameSite=Strict |
| __stripe_sid | Stripe checkout session identifier. | Session | Secure, SameSite=Strict |
| govbid_cookie_consent | Stores your cookie banner preferences. | 1 year | Secure, SameSite=Lax |
| govbid_theme | Light or dark interface preference. | 1 year | Secure, SameSite=Lax |
| cf_clearance | Cloudflare bot protection token. | 30 min to 1 year | HttpOnly, Secure |
02 Analytics (opt-in)
Analytics cookies are set only after you accept them in the banner. We use PostHog for product analytics. Session replay is disabled by default.
| Cookie | Purpose | Expiry |
|---|---|---|
| ph_<project_id>_posthog | Anonymous device and event identifier for product analytics. | 1 year |
| ph_<project_id>_window_id | Window scoping for analytics events. | Session |
If you decline analytics, neither cookie is set, and we receive no behavioral data from your sessions.
03 Marketing (opt-in)
We currently set no marketing or retargeting cookies. This category is reserved. If we ever add one (for example, a LinkedIn Insight Tag for retargeting), we will update this policy at least 30 days before activation and require fresh consent.
04 Third-party
A small number of third parties set cookies inside their embedded surfaces on our pages.
- Stripe: cookies set inside the billing iframe on the /billing page for fraud prevention and session continuity.
- Cloudflare Turnstile: bot-challenge tokens on authentication pages.
- Google Fonts: font caching hints. Fonts are served with no behavioral cookies.
05 Managing cookies
You can change consent any time using the cookie banner footer link, or clear and block cookies in your browser:
California residents can submit a Do-Not-Sell signal at /do-not-sell. We do not sell personal information; the link is provided for CCPA compliance.
06 No advertising
We run no ad networks, no retargeting, and no social-media tracking pixels on this site today. If that changes, we will update this section and require fresh consent before activation.
07 Updates
Material changes to this policy will be announced at least 30 days in advance by email to account holders and by banner on the site. The version number and effective date at the top of this document are authoritative.
08 Contact
Questions about this policy or about a specific cookie set in your browser: privacy@trygovbidai.com.