Cookie
Policy

Cookies are small text files placed on your device when you visit a website. They store information that lets the website remember you, your preferences, or your activity. Cookies can be set by the website you are visiting (first-party) or by other domains the page loads content from (third-party).

FileYield uses both cookies and similar technologies including local storage, session storage, and pixel tags. We refer to all of them collectively as “cookies” on this page.

2.1 Strictly Necessary

Required for the Service to function. You cannot disable these without breaking core features.

• —Authentication cookies (Supabase Auth) — keep you logged in across pages
• —Session cookies — identify your active session
• —CSRF tokens — protect against cross-site request forgery
• —Security cookies — rate limiting, fraud prevention, abuse detection
• —Cookie consent state — remembers your cookie preferences

2.2 Functional

Remember your preferences and personalize your experience.

• —Theme preference (light / dark mode if applicable)
• —Language preference
• —Recently viewed listings
• —Dismissed banner state

2.3 Analytics

Help us understand how the Service is used so we can improve it. Set primarily by PostHog.

• —PostHog distinct ID — anonymously tracks your interactions across pages
• —PostHog session recording cookies — powers session replay (sensitive inputs masked where possible)
• —PostHog feature flag cookies — routes you to specific feature variants

2.4 Performance & Infrastructure

Set by hosting and infrastructure providers to deliver the Service.

• —Vercel routing and edge cache cookies
• —Vercel speed insights identifiers
• —CDN cache cookies

2.5 Payment (when active)

When payments are enabled, Stripe will set cookies for fraud prevention and payment session management. Stripe’s cookies are governed by Stripe’s own cookie policy.

For clarity, FileYield does not use:

• —Advertising cookies for retargeting or behavioral advertising
• —Cross-site tracking cookies for ad networks
• —Third-party social sharing cookies (Facebook Pixel, Twitter Pixel, etc.)
• —Affiliate marketing cookies

If we add any of the above in the future, we will update this page and obtain consent where required by law.

Even though FileYield does not use advertising cookies, some of our service providers set their own cookies for legitimate operational purposes. The third parties currently in scope:

• —Supabase — authentication and session cookies (necessary)
• —Vercel — routing, edge cache, performance monitoring (necessary / performance)
• —PostHog — analytics, session recording, feature flags (analytics)
• —Stripe (planned) — payment processing (necessary when checkout is in use)

Each of these providers maintains their own privacy and cookie policies, which govern their processing of any data collected via cookies.

You can control cookies in several ways:

• —Browser settings — most browsers let you block, delete, or restrict cookies. Doing so may break parts of the Service that depend on strictly necessary cookies.
• —Do Not Track — FileYield honors browser Do Not Track signals where technically feasible by limiting non-essential analytics
• —Opt-out tools — for users in the EEA / UK, we will provide a cookie consent banner that lets you accept or reject non-essential cookies on first visit
• —Email us — for any cookie-related question, contact support@fileyield.com

TODO before launch: implement the cookie consent banner for EEA / UK visitors. This is required by the ePrivacy Directive in many EU member states.

Cookie lifetimes depend on the cookie type:

• —Session cookies: deleted when you close your browser
• —Authentication cookies: typically 7-30 days, refreshed on activity
• —Functional cookies: 1-12 months
• —PostHog analytics cookies: up to 365 days
• —Cookie consent state: up to 365 days

We will update this Cookie Policy as our cookie usage evolves. Material changes will be announced at least 14 days before they take effect.

Questions about cookies: support@fileyield.com