1. Summary
horsenose uses two kinds of cookies and similar browser-stored information:
- Strictly necessary cookies — set without asking you first, because the Service simply cannot work without them (keeping you signed in, remembering your language, passing bot protection, and remembering the cookie choice you already made). These are listed in §3.1.
- Optional analytics — PostHog, which we load only if you click "Accept" on the cookie banner. If you reject — or do nothing — PostHog is never loaded and none of its cookies or stored data are created. This is the only category that depends on your consent. It is described in §3.2.
We do not use advertising cookies, retargeting pixels, conversion pixels, or any cross-site behavioural-profiling technology. We are not part of an advertising network and we do not share cookie data with anyone for advertising. See §3.4.
When you first visit from the EU (or another place with an equivalent e-privacy rule), a cookie banner asks you to Accept or Reject the optional analytics category. Both choices are given equal prominence, and nothing is pre-ticked. You can change your mind at any time using the "Cookie settings" link in the site footer.
2. What is a cookie?
A cookie is a small text file a website stores in your browser to remember something about your visit — for example, that you are signed in. Closely related technologies do the same job in slightly different ways: local storage and session storage (key/value data kept by your browser) and pixel tags. This policy covers all of them, and we use the word "cookies" throughout to mean cookies and these equivalent technologies together.
Cookies set by horsenose itself are called first-party; cookies set by a provider we use (such as our analytics provider) are called third-party.
3. Cookies we use
3.1 Strictly necessary (no consent required)
These cookies are strictly necessary to deliver the Service you have asked for — signing you in, keeping you signed in, remembering your language, protecting forms from bots, letting you into a stable’s public schedule, and remembering the cookie choice you already made so we do not ask again. Because they are essential to a service you actively requested, they are exempt from consent under Article 5(3) of the EU ePrivacy Directive (and, for UK visitors, the equivalent rule in UK PECR). We do not use them for analytics, tracking, or advertising.
| Name | Purpose | Set by | Duration |
|---|---|---|---|
| `sb-<projectRef>-auth-token` (Supabase session — may be split into `.0`, `.1`, … chunks when large) | Keeps you signed in and refreshes your session without making you log in again. Stored as one or more secure, `HttpOnly` cookies by Supabase Auth via `@supabase/ssr`. | horsenose (via Supabase) | Up to ~30 days (refresh token); the access-token portion is short-lived (~1 hour) |
| `nose_consent` | Remembers your cookie-banner choice (Accept / Reject analytics) so we don’t ask you on every visit. `HttpOnly`. | horsenose | 12 months |
| `NEXT_LOCALE` | Remembers your chosen language (Polish / English) for the interface. | horsenose | 1 year |
| `nose_visit_<stable-slug>` | Set only when a stable’s schedule is password-protected and you enter the correct access password — it remembers that you passed, so you are not asked again on that stable’s public schedule. Signed and `HttpOnly`; scoped to that one stable. | horsenose | 24 hours |
| `cf_clearance` | Records that you passed a Cloudflare Turnstile bot-protection challenge (used on sign-in, sign-up, magic-link, invitation, and public-schedule password forms). | Cloudflare | ~30 minutes |
| `cf_bm` | Cloudflare bot-management, distinguishing humans from automated traffic. | Cloudflare | ~30 minutes |
In our cookie banner these are presented under a single "Strictly necessary" category (always on) that covers both the essential cookies (sign-in, language, public-schedule, consent) and the security cookies (Cloudflare Turnstile bot protection). Neither sub-group can be switched off, because the Service cannot run without them.
We do not set any Lemon Squeezy, Stripe, or other payment-checkout cookies — horsenose processes no online payments today (cash / pass / voucher / BLIK inside the app are only labels recording how a rider paid). Subscription-billing cookies, if any, would arrive only with Stripe at a later milestone, and we would update this policy then.
3.2 Analytics (PostHog — opt-in only)
We use PostHog (provided by PostHog Inc., hosted on its EU Cloud at `eu.posthog.com`, with data ingested via `eu.i.posthog.com`) to understand how the product is used so we can improve it. PostHog is loaded only after you click "Accept" on the cookie banner. If you click "Reject," or if your browser sends a Do Not Track / Global Privacy Control signal (§5), PostHog is never loaded and none of the keys below are created.
When you have accepted, PostHog stores a pseudonymous identifier (a random id that distinguishes repeat visits but does not, by itself, tell anyone who you are) using cookies and/or your browser’s local storage:
| Name | Type | Purpose | Set by | Duration |
|---|---|---|---|---|
| `ph_<project_api_key>_posthog` | Cookie and browser local storage | Holds the pseudonymous device/visitor id and the analytics state, so repeat visits and page views can be counted across the same browser. | PostHog (`eu.i.posthog.com`) | 12 months (cookie); local-storage entry persists until you clear browser data or withdraw consent |
What PostHog collects (only with consent): which pages you view and which buttons or screens you use (this is "autocapture" — element-level interactions such as clicks, input changes and form submissions), basic web performance measurements (page-loading and responsiveness metrics — CLS, FCP, LCP, INP), and standard technical details (browser, operating system, device type, and an approximate country/region). Your IP address is discarded by PostHog at ingestion (we have enabled PostHog’s project setting "Discard client IP data"), so no raw IP is retained against your analytics profile. PostHog retains analytics events for 6 months and session replays for 30 days, after which they are deleted.
Session recording — please read this. With your consent, PostHog also records your session — it captures how you move through and interact with the app — to help us find usability problems. All on-screen text and all form inputs are masked client-side, before the recording leaves your browser (`maskAllText: true` and `maskAllInputs: true`). Names, phone numbers, notes, and anything you type are replaced with placeholder blocks, so a stored recording shows the layout and the interactions, not the personal data on your screen. Session recording is turned on only if you accept analytics; if you reject (or your browser signals Do Not Track / Global Privacy Control), it is never loaded and no session is recorded.
Legal basis. Because PostHog reads from and writes to your device, it falls within Article 5(3) of the EU ePrivacy Directive (and UK PECR) and may be used only with your prior, specific, informed and freely-given consent (Article 6(1)(a) GDPR). We obtain that consent through the cookie banner in §1. Consent is never assumed, never pre-ticked, and can be withdrawn at any time (§4).
Where the data goes (international transfer). PostHog runs on its EU Cloud, so analytics and session-recording data stay within the European Economic Area — there is no transfer to the United States for PostHog.
Vercel Web Analytics (cookieless — no consent needed). Separately, we use Vercel Web Analytics, a privacy-preserving analytics tool that measures aggregate traffic without setting any cookies and without building a profile of you. Because it sets no cookies and does not identify or track you, it is not part of the optional analytics category above and does not depend on the cookie banner. We mention it here for completeness, but it places nothing in your browser that this policy needs to list.
3.3 Marketing / advertising cookies
None. We do not use advertising cookies, retargeting or conversion pixels, audience-export tags, or any similar technology. We never share cookie data for advertising.
3.4 Trackers we do not use
To be explicit, horsenose does not embed any of the following:
- Facebook / Meta Pixel
- LinkedIn Insight Tag
- X (Twitter) conversion pixels
- TikTok Pixel
- Google Ads / DoubleClick or any other advertising-network tag
- Any cross-site retargeting or behavioural-advertising technology
- Browser fingerprinting
The only session recording we use is the masked PostHog session recording described in §3.2 — it is consent-gated, masks all on-screen text and form inputs, runs on PostHog’s EU Cloud, and is never loaded if you reject analytics. We do not use Hotjar, FullStory, or any other separate session-replay or heat-mapping service.
If we ever add any tracker in the future, we will update this policy and request your consent before it is loaded.
4. How to control cookies
4.1 Through our cookie banner
On your first visit from a place with an e-privacy rule (the EU and equivalent), the cookie banner asks you to Accept or Reject the optional analytics category (PostHog, including the masked session recording). Both options carry equal prominence and nothing is pre-ticked.
To change your choice at any time (for example, to withdraw consent you gave earlier, or to grant it), click "Cookie settings" in the site footer. Withdrawing consent stops PostHog from loading from your next page load onward and does not affect anything already lawfully processed before you withdrew.
4.2 Through your browser
You can also control cookies directly in your browser:
- Chrome: Settings → Privacy and security → Third-party cookies / Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Settings → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
Blocking strictly-necessary cookies will break the Service. If you block the Supabase session cookie you will not be able to stay signed in; if you block `nose_consent`, the banner will reappear on every visit because we cannot remember your choice.
You can clear all cookies for the site at any time through your browser’s "clear browsing data" menu — doing so resets your consent choice, so the banner will appear again on your next visit.
5. Do Not Track and Global Privacy Control
We respect Do Not Track (DNT) and Global Privacy Control (GPC) signals where technically possible. If your browser sends either signal on the first request, we treat it as a rejection of the optional analytics category — PostHog (including session recording) is not loaded, and the banner is not shown. Strictly-necessary cookies and cookieless Vercel Web Analytics are unaffected, because they do not track you and are needed to provide the Service you requested.
6. Updates
We will update this policy whenever we add or change a cookie or similar technology, or change how an existing one is used. The "Last updated" date at the top always reflects the most recent revision.
If we add any new non-essential technology in the future (for example, a different analytics vendor, or any advertising tracker), we will request your consent before it is set, through a clearly labelled cookie banner with equal-prominence "Accept" and "Reject" options.
7. Contact
Questions about cookies, or about a choice you have made: support@horsenose.eu.
For broader questions about how we handle your personal data, see the Privacy Policy. If you are an EU resident and are not satisfied with our response, you may lodge a complaint with the Polish supervisory authority — the President of the Personal Data Protection Office (UODO), ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl — or your local national data-protection authority.