Effective date: July 9, 2026
When you sign in or create an account, WebikAI sets webik_session. It authenticates
requests to the application. It is HTTP-only, uses SameSite=Lax, is marked Secure
in production, and currently has a maximum lifetime of 30 days. Logging out deletes it from the
browser. Blocking this cookie prevents authenticated features from working.
On eligible public marketing pages, WebikAI uses PostHog for limited page and feature events. PostHog is configured with memory-only persistence: it does not set an analytics cookie or a local-storage identifier, and WebikAI disables autocapture, session recording, and advertising use. Query strings are removed from page paths. PostHog may still receive network information, including an IP address, while processing an event.
Analytics is disabled on authenticated application pages, API routes, password-reset routes, email verification routes, and other token-bearing paths. Route eligibility is held in memory; WebikAI does not store an analytics opt-in or opt-out flag. If the public analytics key is not configured, no PostHog library or event is sent.
Because the current session cookie is strictly necessary and public analytics is cookieless, the pre-release site does not currently provide a cookie preference panel. Browser controls can clear or block cookies, subject to the sign-in limitation above. If WebikAI later adds non-essential cookies, this notice and consent controls must be updated before deployment where required.
Questions: [email protected].