01What cookies are
Cookies are small text files placed on your device by a website you visit. They allow the site to remember things about your visit — for example that you are signed in, or that you closed a notification — without holding that state on the site's own server. Most modern browsers also support similar mechanisms like localStorage and sessionStorage; we treat them under the same policy as cookies.
02Our approach
We use the minimum number of cookies needed to operate the service. Every cookie we set has a clear functional purpose. We do not use marketing cookies, behavioural-tracking cookies, advertising cookies, or third-party analytics scripts on our public marketing surface.
03Essential cookies we set
These cookies are strictly necessary for the parts of the service that require them. They are exempt from the consent requirements of the Privacy and Electronic Communications Regulations (PECR) because the service you have requested cannot function without them.
| Cookie name | Purpose | Lifetime |
|---|---|---|
gb_partner_session | Keeps you signed in to the Partner Portal after authentication. Set only after you sign in. | 30 days, sliding |
gb_customer_session | Keeps you signed in to the Customer Dashboard after authentication. Set only after you sign in. | 30 days, sliding |
gb_admin_session | Keeps Ghostables staff signed in to the admin console. Never set on customer-facing surfaces. | 8 hours |
gb_csrf | Cross-site-request-forgery protection token for forms. | Session |
All session cookies are marked HttpOnly (cannot be read by JavaScript), Secure (sent only over HTTPS), and SameSite=Lax (not sent on cross-site navigations).
04Third-party cookies
A small number of third-party services we use may set their own cookies in your browser when you interact with their components. These are not under our direct control, but we have chosen each provider carefully.
| Provider | When | What it does |
|---|---|---|
| Stripe | When you reach the Stripe Checkout page during purchase, or use the Stripe Billing Portal | Required for payment-flow security and fraud prevention. See Stripe's cookie policy. |
| Cloudflare | Possibly on every request, as our CDN | __cf_bm — a short-lived bot-management cookie. cf_clearance — set after passing a security challenge if one is shown. |
05What we don't use
For clarity, the following are not set or used on any Ghostables surface:
- Google Analytics, Plausible, Fathom, Matomo, or any other website analytics service
- Facebook Pixel, LinkedIn Insight Tag, Twitter Conversion Tracking, Google Ads tags
- Cross-site advertising cookies of any kind
- Behavioural-profiling cookies
- Heatmapping or session-replay tools
If we ever wanted to introduce any of the above, we would update this policy first and offer a clear consent mechanism that allowed you to refuse them without losing access to the service.
06Managing cookies
You can control or block cookies through your browser settings. Most browsers let you view, delete, and refuse cookies on a per-site basis:
Note that blocking the essential cookies listed above will prevent you from signing in to the Partner Portal or Customer Dashboard. The public marketing pages will continue to work normally.
07Changes to this policy
If we add, remove, or change any cookie we use, we will update this policy and revise the "Effective" date at the top of the page. Material changes affecting customers will also be communicated by email.
08Contact
Questions about this cookie policy: hello@ghostables.io. See also our Privacy Policy for how we handle personal data more broadly.