Cookie Notice

Effective date: July 9, 2026

Draft for counsel review โ€” not legal advice.

Essential session cookie

When you sign in or create an account, WebikAI sets webik_session. It authenticates requests to the application. It is HTTP-only, uses SameSite=Lax, is marked Secure in production, and currently has a maximum lifetime of 30 days. Logging out deletes it from the browser. Blocking this cookie prevents authenticated features from working.

Public-page analytics

On eligible public marketing pages, WebikAI uses PostHog for limited page and feature events. PostHog is configured with memory-only persistence: it does not set an analytics cookie or a local-storage identifier, and WebikAI disables autocapture, session recording, and advertising use. Query strings are removed from page paths. PostHog may still receive network information, including an IP address, while processing an event.

Analytics is disabled on authenticated application pages, API routes, password-reset routes, email verification routes, and other token-bearing paths. Route eligibility is held in memory; WebikAI does not store an analytics opt-in or opt-out flag. If the public analytics key is not configured, no PostHog library or event is sent.

Choices and changes

Because the current session cookie is strictly necessary and public analytics is cookieless, the pre-release site does not currently provide a cookie preference panel. Browser controls can clear or block cookies, subject to the sign-in limitation above. If WebikAI later adds non-essential cookies, this notice and consent controls must be updated before deployment where required.

Questions: [email protected].