This page explains the cookies and similar tracking technologies (collectively, “cookies”) that Hashqix LLC uses on hashqix.ai and app.hashqix.ai. For details on how we handle personal information generally, see our Privacy Policy.
1. What are cookies?
Cookies are small text files that a website stores on your device. They help the site remember your session, your preferences, and other small pieces of state across page loads. Similar technologies — including localStorage, IndexedDB, and HTTP-only session tokens — function the same way for our purposes and are covered by this Policy.
2. Categories we use
We split tracking into four categories. You can review and change your choices at any time in Settings → Privacy & Cookie Settings.
2.1. Essential
Required for the Service to work. These cannot be disabled.
- Clerk — authentication session tokens; expires on logout.
- Supabase — security cookies that gate access to your stored canvas, projects, and media. Expires on logout or 7 days, whichever comes first.
- localStorage / IndexedDB — stores your offline canvas state and recent project list so the app boots fast without a network round-trip. Cleared when you sign out.
2.2. Error monitoring
Reports crashes and unexpected errors so we can fix them. Off by default in the EEA / UK; defaults on in the US (legitimate-interest basis).
- Sentry — error events with stack traces, page URL, and a randomly-generated session id. We do not include your name or email. Sensitive form fields are masked. Retention: 90 days.
2.3. Product analytics
Aggregate usage measurements that tell us which features are popular and which flows are confusing. Autocapture is disabled — we instrument specific events explicitly so we never collect raw clicks or form input contents.
- PostHog — event identifiers (e.g. “project_created”), page views, and a randomly-generated visitor id. We honor browser
Do Not TrackandSec-GPCsignals. Retention: 12 months.
2.4. Session replay
Off by default everywhere — including the US — because session replay can inadvertently capture sensitive form inputs even with masking. Opt-in only via Privacy & Cookie Settings. Used solely for debugging; never for marketing analysis.
- Sentry Replay — only fires on errors when enabled. All form inputs (email, password, phone) are masked client-side; Clerk widget DOM is fully blocked. Retention: 30 days.
3. Region-specific behavior
- EEA & UK: nothing in categories 2.2 / 2.3 / 2.4 fires before you make a choice in our consent banner. You can withdraw consent at any time via Privacy & Cookie Settings.
- California, Colorado, Connecticut, and other US states with comprehensive privacy laws: we honor the Global Privacy Control signal. If your browser sends
Sec-GPC: 1(ornavigator.globalPrivacyControl === true), we treat it as a request to opt out of product analytics. You can also opt out manually via Your Privacy Choices. - Rest of the United States and the world: categories 2.2 and 2.3 default on; you can disable them anytime via Privacy & Cookie Settings. Category 2.4 always defaults off.
4. Browser controls
All major browsers let you block or delete cookies through their settings. Disabling essential cookies will sign you out and prevent the Service from functioning. Disabling analytics or error monitoring won’t affect functionality — only our ability to debug or measure adoption.
5. Changes
We may add or change cookies as the Service evolves. Material changes will be announced in our Privacy Policy with a 30-day notice period.
6. Contact
Questions about cookies? [email protected]