Cookie Policy
Last updated: April 27, 2026 · Version 1.0.0 · Effective: April 27, 2026
EDUCATIONAL TEMPLATE NOTICE. This document is a template drafted for the Unbind product. It is intended to be 99.99% production-ready, but the live cookie inventory should be reconciled with the production deployment (using the in-product cookie scanner) at least quarterly.
This Cookie Policy explains how Unbind, Inc. (“Unbind,” “we,” “us,” or “our”) uses cookies and similar technologies on the Site and within the Service. It supplements our Privacy Policy.
1. What are cookies and similar technologies?
A cookie is a small text file that a website places on your device when you visit. Cookies allow the website to recognise your browser on subsequent visits and remember information about you (for example, that you are signed in or that you have already accepted a notice).
We also use other browser-storage mechanisms that work similarly to cookies and that this policy treats as cookies for legal purposes:
- localStorage and sessionStorage — key/value stores in your browser used to remember UI preferences and short-lived state.
- IndexedDB — a structured client-side database we use to keep your projects available offline.
- Pixel tags / web beacons — tiny graphics or scripts used to confirm an action (for example, that an email was opened, where lawful with consent).
- Service workers — scripts that allow offline functionality on the desktop and PWA experiences.
This Cookie Policy applies to all of these technologies.
2. Categories of cookies we use
We classify cookies into four categories. Only the strictly necessary category is loaded before you make a choice in our consent banner.
2.1 Strictly necessary
These cookies are essential for the Service to function and are exempt from consent under EU/UK ePrivacy rules. Examples include the cookies that keep you signed in, balance traffic across servers, and remember the choices you made in the consent banner itself.
2.2 Functional / preferences
These remember choices you make to give you a better experience (for example, your selected theme, your last-used canvas zoom, or your language preference). We load these only with your consent — except where the preference is part of providing the core Service you signed up for.
2.3 Analytics
These help us understand how the Service is used so we can improve it. We use PostHog for analytics. Analytics cookies are loaded only with your prior, opt-in consent.
2.4 Marketing / advertising
We do not currently set marketing or advertising cookies on the Site or within the Service, and we do not allow third-party advertising networks to set cookies. If we ever introduce marketing cookies, we will update this policy and request your consent before any are set.
3. Cookie inventory
The table below is a snapshot of the cookies and similar technologies we set on the Site and within the Service. The live, machine-generated inventory shown to you in the consent banner is the authoritative source — see Settings → Cookie preferences inside the Service for the current state.
| Name | Provider | Purpose | Category | Expiry | Consent required |
|---|---|---|---|---|---|
| unbind_session | Unbind | Authenticated session cookie (HTTP-only, Secure, SameSite=Lax) | Strictly necessary | Session | No |
| unbind_csrf | Unbind | CSRF protection token | Strictly necessary | Session | No |
| unbind_consent | Unbind | Stores your consent choices and the version of the banner you saw | Strictly necessary | 12 months | No |
| unbind_locale | Unbind | Remembers your selected language | Functional | 12 months | No (necessary for localisation) |
| unbind_theme | Unbind | Remembers your selected theme (light, dark, etc.) | Functional | 12 months | No (necessary for accessibility) |
| lb_route | Unbind / hosting | Load-balancer routing affinity | Strictly necessary | Session | No |
| ph_* (e.g., ph_phc_*_posthog) | PostHog | Product analytics — feature usage, performance, retention | Analytics | 12 months | Yes |
| posthog_distinct_id | PostHog | Pseudonymous user identifier for analytics | Analytics | 12 months | Yes |
| Stripe checkout cookies (e.g., __stripe_mid, __stripe_sid) | Stripe | Required only on the Stripe-hosted checkout page; fraud prevention | Strictly necessary (during checkout) | Stripe sets these on its own domain when you check out — see Stripe’s policy | No (necessary to complete payment) |
| localStorage keys (unbind:*) | Unbind | UI preferences such as panel widths, last-used view, sidebar collapse | Functional | Until cleared | No (necessary to provide the Service you requested) |
| IndexedDB databases (unbind:projects, unbind:comments-outbox, etc.) | Unbind | Offline-first project cache and outbox | Strictly necessary | Until cleared | No |
The exact list and order of cookies may vary slightly between deployments. The in-product banner uses the live CookieDeclarationTable and is the source of truth.
4. Third-party cookies
We allow the following limited third-party technologies, and only as described:
- Stripe Checkout — when you initiate a checkout, Stripe loads its own cookies on its own domain to detect fraud and complete the payment. We do not control these cookies. See https://stripe.com/cookies-policy/legal.
- PostHog — our analytics provider. PostHog cookies are loaded on our domain and only after consent. See https://posthog.com/privacy.
We do not embed third-party advertising or social-media tracking pixels in the Service.
5. Your choices
5.1 Consent banner
When you first visit the Site, you will see a cookie banner that lets you:
- Accept all — load all categories;
- Reject all — load only strictly necessary cookies;
- Manage preferences — toggle each non-essential category individually.
Your choice is stored in the unbind_consent cookie. You can change it at any time from Settings → Cookie preferences (or by clearing the cookie and reloading the page).
5.2 Global Privacy Control (GPC)
If your browser sends the Global Privacy Control signal (Sec-GPC: 1), we treat that as a binding opt-out of all non-essential cookies and a withdrawal of any previous consent for analytics or marketing. We will not show you the banner; we will simply respect the signal.
5.3 Browser controls
Most browsers let you block or delete cookies through their settings. If you block strictly necessary cookies, the Service may not function correctly (for example, you may not be able to sign in).
Useful links:
- Chrome: https://support.google.com/chrome/answer/95647
- Firefox: https://support.mozilla.org/kb/cookies-information-websites-store-on-your-computer
- Safari (macOS): https://support.apple.com/guide/safari/manage-cookies-sfri11471/mac
- Safari (iOS): https://support.apple.com/HT201265
- Edge: https://support.microsoft.com/microsoft-edge/delete-cookies-in-microsoft-edge
5.4 Opting out of PostHog analytics
In addition to using the consent banner, you can opt out of PostHog analytics by toggling Settings → Privacy → Allow product analytics off, or by enabling GPC in your browser.
6. Mobile and desktop applications
The Unbind desktop application uses operating-system-level storage rather than HTTP cookies. The same consent rules apply: only strictly-necessary local storage is used by default, and analytics are off until you opt in. Local data is encrypted using electron.safeStorage (AES-256 backed by the OS keychain).
7. Children
We do not knowingly set non-essential cookies for users we believe to be under the age of consent in their jurisdiction (13 in the US, 16 in the EEA, or the equivalent locally). See Section 16 of the Privacy Policy.
8. Changes to this Cookie Policy
We may update this Cookie Policy when our cookie use changes or when applicable law requires. We will update the “Last updated” date at the top of the document. For material changes (for example, the introduction of a new analytics or marketing partner), we will re-prompt you for consent.
9. Contact us
For questions about cookies or this policy, contact us at:
Unbind, Inc. — Privacy Team
Email: [email protected]
Postal: [Registered Street Address], [City, State / Province, Postal Code], [Country]