Cookie Policy
Effective May 4, 2026
PatMate uses a small number of first-party cookies and one analytics integration (PostHog Cloud-EU). We do not use advertising trackers, social-media pixels, or third-party marketing cookies. Analytics is off by default and only activates if you explicitly accept it in the cookie banner.
What we set
| Name | Purpose | Type | Lifetime |
|---|---|---|---|
authjs.session-token | Keeps you signed in. | Strictly necessary (no consent required) | 30 days, sliding |
authjs.csrf-token | Prevents cross-site request forgery on the login form. | Strictly necessary | Session |
patmate-theme (localStorage) | Remembers light/dark mode. | Strictly necessary (preference) | Until cleared |
patmate.cookieConsent (localStorage) | Records the choice you made in our cookie banner. | Strictly necessary | Until cleared |
patmate_pid (localStorage) | Anonymous device identifier used by PostHog. Set only after you accept analytics in the cookie banner. | Analytics (consent required) | Until cleared |
How to control them
- Banner — it appears the first time you visit. Choose “Essential only” to keep all non-essential storage off, or “Accept analytics” to opt in. To re-prompt yourself, clear the
patmate.cookieConsententry from your browser’s localStorage and refresh. - Browser — every modern browser lets you block or delete cookies per-site. The Service still works without analytics; sign-in obviously requires the strictly-necessary cookies.
Do Not Track
We honour the DNT: 1 request header by skipping analytics scripts for that visit, regardless of your banner choice.
Changes
If we add a new cookie we will update this page and re-prompt for consent where the law requires it.