Cookie Policy
Last updated: March 26, 2026
This Cookie Policy explains what cookies RepoWrit uses, why we use them, and how you can manage them. We keep things simple, we use the minimum cookies necessary to make the app work.
What Are Cookies?
Cookies are small text files stored on your device by your web browser. They help websites remember information about your visit, like your login status and preferences.
Cookies We Use
Strictly Necessary Cookies
These cookies are essential for RepoWrit to function. Without them, you can't sign in or use the service. We do not use any marketing, advertising, or tracking cookies.
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
sb-*-auth-token | Supabase authentication session. Keeps you signed in and verifies your identity. | Session / 1 year (refresh token) | Supabase |
sb-*-auth-token-code-verifier | PKCE code verifier for secure OAuth flow during GitHub sign-in. | Session | Supabase |
How These Cookies Work
When you sign in with GitHub, Supabase (our authentication provider) sets session cookies to maintain your login state. These cookies contain encrypted authentication tokens, they do not contain your password, source code, or personal information in readable form.
The refresh token cookie allows you to stay signed in between browser sessions so you don't have to re-authenticate every time you visit RepoWrit.
Third-Party Cookies
Lemon Squeezy (Payment Processing)
When you visit the checkout or billing portal, Lemon Squeezy (our payment processor) may set cookies on their domain to process your transaction and prevent fraud. These cookies are governed by Lemon Squeezy's Privacy Policy and are only active during the payment flow.
Anthropic
We use Anthropic's Claude API for AI processing. Anthropic's API is a server-to-server integration — Anthropic does not set any cookies in your browser through RepoWrit.
PostHog (Product Analytics)
We use PostHog for privacy-friendly product analytics to understand how features are used and improve the product. PostHog may set the following cookies:
| Cookie | Purpose | Duration | Provider |
|---|---|---|---|
ph_* | Anonymous session tracking and feature flag evaluation | 1 year | PostHog |
PostHog analytics are configured with person_profiles: "identified_only", meaning anonymous visitors are not tracked with personal profiles. Analytics data is processed in the US region (us.i.posthog.com). You can opt out of analytics tracking via the cookie consent banner or by blocking these cookies in your browser settings.
For more information, see PostHog's Privacy Policy.
GitHub
During the OAuth sign-in flow, GitHub may set cookies on github.com to authenticate you. These are GitHub's own cookies and are governed by GitHub's Privacy Statement.
What We Don't Use
To be explicit, RepoWrit does not use:
- ❌ Analytics cookies — we use PostHog for minimal product analytics (see above), but no Google Analytics, Mixpanel, or Amplitude
- ❌ Advertising cookies (no ad networks, no retargeting pixels)
- ❌ Social media tracking cookies (no Facebook Pixel, no Twitter tags)
- ❌ Fingerprinting or device tracking technologies
- ❌ Cross-site tracking of any kind
Managing Cookies
Browser Settings
You can control cookies through your browser settings:
- Chrome: Settings → Privacy and Security → Cookies and other site data
- Firefox: Settings → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions → Manage and delete cookies
Blocking RepoWrit Cookies
If you block the authentication cookies listed above, you will not be able to sign in to RepoWrit. The service requires these cookies to function.
Your Rights
Under GDPR (European Economic Area)
Strictly necessary cookies do not require consent under GDPR, as they are essential for the service you have requested. Analytics cookies (PostHog) are loaded only after you accept analytics via the cookie consent banner. You always have the right to manage cookies through your browser settings.
Under CCPA (California)
RepoWrit does not sell personal information. Our cookies do not track you for advertising purposes. You have the right to know what data we collect, see our Privacy Policy for full details.
Changes to This Policy
We may update this Cookie Policy if we change the cookies we use. Any updates will be reflected by changing the "Last updated" date at the top of this page.
Contact
If you have questions about our use of cookies:
- Email: support@repowrit.com
This Cookie Policy is effective as of March 22, 2026.