Cookie Policy
Effective date:
Draft — pending counsel review. This document describes Jalees' intended cookie practices for launch. It has not yet been reviewed by qualified legal counsel and may be updated before it becomes binding.
1. What this policy covers
This policy explains the cookies and similar browser-storage technologies Jalees uses on the
marketing site (jalees.io) and in the application (app.jalees.io).
It supplements our Privacy Policy.
2. Categories of cookies
We group cookies into three categories:
- Essential
- Required to deliver the Service. They keep you signed in, protect signup and login forms from automated abuse, and remember your cookie choices. These cannot be turned off through the cookie banner without breaking the Service.
- Analytics
- Help us understand which features are used and where the Service is slow or broken. Off by default; loaded only after you opt in.
- Marketing
- Reserved for any future personalised outreach. Currently unused; would be off by default and require opt-in if ever introduced.
3. Cookies we set
The table below lists the cookies that Jalees and its processors may set in your browser. Provider-set cookies are listed with their typical name; exact names can vary slightly between versions of the underlying SDK.
| Name | Purpose | Category | Duration | Party |
|---|---|---|---|---|
jalees_refresh | HttpOnly, SameSite=Lax session refresh token. Required to keep you signed in. | Essential | Up to 30 days | First-party |
jalees_oauth_state | HttpOnly anti-CSRF state for "Sign in with Google". Set when you start the OAuth flow and cleared when you return. | Essential | 5 minutes | First-party |
PARAGLIDE_LOCALE | Remembers which UI language (English or Arabic) you last selected, so the app renders in that language on your next visit. Set by the Paraglide i18n runtime when you change the language. | Essential (preference) | Up to 400 days | First-party |
cf_chl_*, __cf_bm | Cloudflare Turnstile challenge state and bot-management cookies, set when you submit signup or login. Required to keep automated abuse off our auth endpoints. | Essential | Up to 30 minutes | Third-party (Cloudflare) |
ph_jalees (or ph_*) | PostHog anonymous distinct identifier. Set only after you opt in to analytics; used to stitch your visits into a single funnel. | Analytics | Up to 365 days | First-party |
posthog-session-id | PostHog session identifier. Set only after opt-in; expires after 30 minutes of inactivity. | Analytics | 30 minutes (idle) | First-party |
4. Browser storage we use
Some preferences are kept in localStorage rather than as cookies. Like cookies, they
are stored in your browser and can be cleared from the browser's site-data controls.
jalees:consent:v1- Your cookie choices and the timestamp at which you made them. Required so we don't show the banner again on every page.
- PostHog persistence keys
-
When analytics is opted in, PostHog stores its distinct id, session id, and
person-properties cache in
localStorage. Cleared when you opt out or sign out.
5. How to manage cookies
You can change your cookie preferences at any time by opening the cookie settings panel from the link in our footer ("Cookie settings"). You can also block or delete cookies in your browser's settings, but doing so for essential cookies will prevent you from signing in.
Analytics is provided by
PostHog
(PostHog Inc.), processed in the EU region at eu.i.posthog.com. We honour the
Do Not Track browser signal: if your browser sends DNT, PostHog will not be initialised.
6. Changes to this policy
We may update this policy to reflect changes to our cookie usage. When we do, we will update the effective date above. Material changes that affect how we use non-essential cookies will be re-surfaced through the cookie banner so you can review and re-confirm your choices.