01What
What Cookies Are
Cookies are small text files stored on your device by your browser when you visit a website. They let the site remember your actions and preferences — authentication state, security tokens, language, feature toggles — across pages and visits. We also use closely related technologies such as local storage, session storage and server-side session identifiers; we refer to all of these as "cookies" in this policy for simplicity.
Cookies can be first-party (set by the site you are visiting) or third-party (set by a service loaded by that site). We keep third-party cookies to a minimum and name each third party below.
02Marketing site
Cookies on routiq.ai (marketing site)
| Cookie / group | Vendor | Purpose | Category | Region |
|---|---|---|---|---|
| Vercel routing cookies | Vercel Inc. | Routing to the nearest edge region and serving the correct deployment; required for the site to function. | Strictly necessary | Edge-global |
| Cloudflare security cookies | Cloudflare, Inc. | Bot/abuse detection, TLS session and WAF decisions; required for site security. | Strictly necessary | Edge-global |
| PostHog analytics | PostHog Inc. | Aggregated site-visit telemetry with IP truncation enabled; used to improve site content. Loaded only after consent. | Analytics (opt-in) | United States |
We do not run advertising, ad-retargeting, or cross-site-tracking cookies on the marketing site today.
03Application
Cookies on app.routiq.ai (application)
| Cookie / group | Vendor | Purpose | Category | Region |
|---|---|---|---|---|
| Supabase Auth session | Supabase Inc. | Maintains your authenticated session after sign-in; required for the application to function. | Strictly necessary | AWS ap-southeast-2 (Sydney) |
| CSRF / same-site token | Routiq (first-party) | Prevents cross-site request forgery on authenticated state-changing requests; required for security. | Strictly necessary | Application origin |
| PostHog product analytics | PostHog Inc. | Staff-side UI event telemetry (clicks, feature use) with IP truncation; no patient data. Loaded only after consent. | Analytics (opt-in) | United States |
| Sentry error context | Functional Software Inc. (Sentry) | Captures unhandled errors with PII-scrubbing applied client-side before transmission; used for debugging. | Error monitoring | EU — Frankfurt |
Error-monitoring telemetry is PII-scrubbed in the browser before transmission (client-side beforeSend). Patient content is not sent to Sentry or PostHog.
04Third parties
Third-Party Cookies
The following third parties may set cookies when you use our sites. Each operates under its own privacy policy, which you should review if you want the full detail.
- —Cloudflare, Inc. — edge security and bot mitigation. cloudflare.com/privacypolicy
- —Vercel Inc. — hosting and routing. vercel.com/legal/privacy-policy
- —PostHog Inc. — analytics. posthog.com/privacy
- —Functional Software Inc. (Sentry) — error monitoring. sentry.io/privacy
- —Supabase Inc. — authentication session. supabase.com/privacy
05Manage
How to Manage Cookies
In your browser. All major browsers let you view, block or delete cookies. Consult your browser’s help pages — for example, Chrome, Firefox, Safari, and Edge. Blocking strictly-necessary cookies will break authentication and security features.
Analytics opt-out. Where a consent banner is displayed, you can decline analytics cookies on first visit and revisit the preference from the banner’s re-open control at the foot of the page. You can also opt out of PostHog analytics directly from your browser settings.
Withdrawing consent. You can withdraw consent at any time with effect for future processing. See the Privacy Policy for the full rights framework and contact routes.
06Contact
Contact
Questions about cookies or tracking on Routiq — email support@routiq.ai.