1. Summary

We use a small number of strictly-necessary cookies and browser-storage entries to run the Service — authentication tokens and similar — and a very short list of optional analytics and error-tracking entries that only run after you give consent through the cookie banner.

You can change your consent at any time from the "Cookie preferences" link in our site footer.

2. What are cookies and similar technologies?

A cookie is a small text file that a website asks your browser to store. The next time you visit the site, the browser sends the cookie back, which lets the site recognize you (for example, to keep you logged in).

We also use related browser-storage mechanisms — primarily localStorage — which are similar in principle: a website asks your browser to store some data, and the browser keeps it across visits. Under the ePrivacy Directive (Article 5(3)) and the interpretive guidelines from European data-protection authorities, cookies and similar storage are governed by the same rules: prior consent is required for anything that is not strictly necessary for the explicitly-requested service.

3. Strictly-necessary entries

These cookies and storage entries are necessary for the Service to function as you have explicitly requested (for example, to keep you signed in to your account). They run without asking for consent.

Name	Type	Purpose	Lifetime
refresh_token	First-party cookie (HttpOnly, Secure, SameSite=Lax)	Authentication — renews your session without re-prompting for password	30 days
qubithub_auth_token	localStorage	Short-lived access token used to authorize API requests from your browser	Until logout or token expiry
qubithub_refresh_token	localStorage	Fallback storage for the refresh token (used by environments where cookies are restricted, e.g. some embedded contexts)	Until logout
qubithub_cookie_consent	localStorage	Records your cookie-consent choice so we do not re-prompt on every visit	12 months

4. Optional entries (consent-required)

The entries in this section run only after you have given consent through the cookie banner. If you decline, neither service runs in your browser and neither stores anything on your device.

4.1 Product analytics — PostHog

We use PostHog to understand how visitors and users navigate the site so we can improve it. PostHog sets first-party cookies and writes a small set of entries to localStorage.

Name	Type	Purpose	Lifetime
ph_*_posthog	localStorage	PostHog device identifier, session state, and feature-flag cache	Up to 12 months

Data collected: anonymized device identifier, page views, click events on UI elements we have instrumented, basic device context (browser, OS, screen size). We host PostHog data in the EU region (eu.posthog.com). See PostHog's privacy policy for details on its own retention practices.

4.2 Error tracking and session replay — Sentry

We use Sentry to capture JavaScript errors and unhandled exceptions so we can fix bugs. When you have given consent, Sentry also captures a short session replay around any error that occurs — a visual reconstruction of the page state immediately before the error. Session replay defaults to masking all text input and media; you can disable session replay entirely in your account settings while still permitting basic error tracking.

Name	Type	Purpose	Lifetime
sentryReplaySession	sessionStorage	Session replay correlation identifier	Browser session only

Data collected: error stack traces, browser context, the URL on which the error occurred, and (when replay is permitted) a masked visual recording of the page state around the error. See Sentry's privacy policy for details.

5. How to manage your consent

When you first visit the Service from the EEA, the UK, or Switzerland, you will see a cookie banner that asks for consent to the optional entries in Section 4. The banner has three controls:

Accept all — consent to all optional entries
Reject all — only strictly-necessary entries run; no optional analytics or replay
Customize — toggle each category separately

Your choice is recorded in the qubithub_cookie_consent entry in localStorage so we do not re-prompt on every visit. You can change your choice at any time from the "Cookie preferences" link in the site footer. Withdrawing consent applies from the moment you withdraw and does not affect processing that occurred before withdrawal.

6. Browser controls

You can configure your browser to block cookies, to ask for permission before each cookie, or to delete cookies after each session. Note that blocking strictly-necessary cookies (Section 3) will prevent the Service from working — you will not be able to stay logged in. Most browsers also let you clear localStorage entries.

Browser-specific instructions:

7. Do-Not-Track signals

Some browsers send a "Do Not Track" (DNT) signal with each request. There is no industry-standard interpretation of DNT and the signal is being phased out by major browsers. We do not currently act on DNT signals — but if DNT is enabled in your browser, our cookie banner still requires affirmative consent before any optional entry runs, which produces the same outcome as honoring DNT.

8. Changes to this policy

We may update this policy when our cookie inventory changes or when we add or remove services that set cookies. The "Last updated" date at the top of the page indicates when the policy was last revised. Material changes will be announced through the cookie banner so you have the chance to review your consent.

9. Contact

Privacy questions: privacy@qubithub.co. For everything else, see our Impressum.