Cookie Policy
This Cookie Policy explains how GotBack uses cookies and similar technologies when you use our website and app. It complements our Privacy Policy.
1. What Are Cookies
Cookies are small text files stored on your device by your web browser. They help websites remember information about your visit, such as your login status and preferences. We also use similar technologies such as localStorage and sessionStorage to store data locally on your device.
2. Cookies and Similar Technologies We Use
Essential
Required for the service to function. These cannot be disabled because the service would not work without them.
- Authentication (Logto) — keeps you signed in across pages and tabs
- Cookie consent preference — remembers your choice from the consent banner so we do not ask you again on every page
- Payment session (Stripe) — set when you go through subscription checkout, reward funding, or finder onboarding; required for fraud prevention and to complete payments
- Bot & security protection (Cloudflare) — set on requests routed through Cloudflare to distinguish legitimate traffic from automated abuse
Functional
Remember your preferences to provide a better experience. These are set without your explicit consent because they are not used to track you across sites.
- Theme — remembers your light/dark mode choice (localStorage)
- Draft form state — keeps an in-progress report so you do not lose it on refresh (localStorage)
Analytics and session replay (opt-in)
Help us understand how the service is used so we can improve it. These are loaded only after you accept analytics cookies in the consent banner.
- PostHog product analytics — pseudonymous events such as page views, feature usage, and key actions (sign-ups, subscription changes). PostHog uses cookies and localStorage.
- PostHog session replay — records your interactions with the app (clicks, scrolls, navigation, and rendered UI) so we can diagnose problems and improve the experience. Sensitive fields are masked where technically possible: card details are never recorded (they are entered inside Stripe), and we configure replay to suppress message content. Replays are pseudonymous and tied to your distinct ID, not to your name.
You can change your choice at any time by clearing the cookie-consent preference for this site (in your browser settings), which will cause the banner to reappear.
3. Third-Party Cookies
Some of our service providers set their own cookies, typically on their own domains, when you interact with them through GotBack:
- Logto — authentication; sets cookies on its own domain to manage your login session
- Stripe — billing and payouts; sets cookies on stripe.com and js.stripe.com when you go through checkout, the customer portal, or Connect onboarding, for fraud detection and session continuity
- Cloudflare — CDN and security; may set cookies on our domain for bot protection and performance optimisation
- PostHog — analytics and session replay (opt-in)
Each of these providers has its own privacy and cookie policies, which govern the cookies they set.
4. Managing Cookies
You can manage cookies through:
- Our consent banner — choose which categories to accept the first time you visit. You can change your choice later by clearing site data for this domain.
- Your browser settings — most browsers let you block or delete cookies. Note that blocking essential cookies may prevent you from signing in, completing payments, or using the service at all.
- Push notifications and emails — you can turn these off from your account settings; transactional emails always include a one-click unsubscribe link.
5. Contact Us
If you have any questions about our use of cookies, please contact us at support@gotback.world.