Cookie Policy
What handlo.ai stores in your browser and how to manage your choices.
Handlo AI, Inc. · Last Updated: June 9, 2026 · Effective Date: June 9, 2026
1. What Are Cookies?
Cookies are small text files stored by your browser when you visit a website. They let the site remember information about your visit, such as your authentication state and preferences. We also use related browser-storage technologies (e.g. localStorage) for the same purposes — references to "cookies" in this policy include those technologies.
This policy covers only cookies and browser storage on our website and app. It does not govern call recordings, transcripts, or voice data captured when our AI answers calls — see our Privacy Policy and Data Processing Addendum for how that information is handled.
2. Categories of Cookies We Use
We organize cookies into three categories. The cookie banner you see on your first visit lets you accept all, reject non-essential, or manage each category individually.
2.1 Essential (always on)
Required for the Service to function. Cannot be turned off because the site will not work without them.
| Name | Purpose | Retention |
|---|---|---|
handlo_consent | Stores your cookie-consent choice (all, essential, or custom) so we don't show the banner again on every page. | 1 year |
handlo_consent_prefs | Stores your granular per-category choice when you click "Save preferences". | 1 year |
sb-* (Supabase) | Authenticates you to your account after sign-in. Without this you cannot stay logged in. | Persists until you sign out; the session is refreshed periodically |
sb-*-pkce-verifier | Used during the OAuth / magic-link sign-in handshake to prevent token interception. | Set at sign-in, deleted on first use |
2.2 Analytics (consent-gated)
We use these to understand how the Service is used and to debug production issues. They run only after you accept analytics consent. Rejecting analytics in the cookie banner prevents these from loading.
| Name / Service | Purpose | Retention |
|---|---|---|
ph_* (PostHog) | Product analytics — page views, feature usage, and custom events. We reverse-proxy the ingest endpoint through /ingest, so requests do not travel directly to a third-party domain from your browser; the proxied analytics data is then processed by PostHog in the EU. | 1 year |
| Sentry Session Replay | Replays of error-affected sessions so we can debug bugs without contacting you. Loaded only with analytics consent. All on-screen text and form inputs are masked and all media is blocked, and no network request or response bodies are captured — a replay is a redacted wireframe of the page layout, not your actual content. | 30 days |
If you reject analytics, neither PostHog nor Sentry Replay loads in your browser at all. (Sentry's error capture without replay continues for legitimate-interest debugging — it does not collect cookies, only minimal error context with PII redacted.)
2.3 Functional (consent-gated)
These remember preferences that personalize your experience beyond the essential set.
| Name / Storage | Purpose | Retention |
|---|---|---|
NEXT_LOCALE | Remembers the language you select so the site loads in that language. | 1 year |
theme (localStorage) | Remembers your light/dark theme preference. | Until cleared |
3. Third-Party Trackers and Advertising
We do not embed third-party advertising trackers, social-media pixels, or fingerprinting scripts, and we do not sell or share your information for advertising. The cookies and storage above are first-party or are set by the service providers (sub-processors) we engage to operate the Service — for example Supabase for authentication and PostHog and Sentry for analytics. The current list of those providers is in our Sub-processor Register.
4. Managing Your Choice
You can change your cookie choice at any time by clearing the handlo_consent cookie in your browser settings, which will re-show the banner. Most browsers also let you block all cookies entirely — doing so may prevent you from signing in.
5. Browser Signals (Do Not Track / Global Privacy Control)
Our cookie banner is the authoritative way to communicate your analytics-consent preferences to our Service, and we honor the choices you make through it. Because we do not sell or share personal information or use advertising cookies, there is no sale or sharing for a "Do Not Track" or Global Privacy Control (GPC) signal to opt out of. We do not separately rely on the legacy "Do Not Track" header, which lacks a consistent industry standard.
6. Changes to This Policy
We will update the "Last Updated" date above when this policy changes materially. For substantive changes that affect what data we collect, we will re-prompt your consent.
7. Language
This policy is published in English, which is the binding version. Any translation is provided for convenience only.
8. Contact
For questions about cookies or your privacy choices:
Handlo AI, Inc. 131 Continental Drive, Suite 305 Newark, DE 19713 USA
Email: privacy@handlo.ai