Last updated: May 14, 2026
Effective: April 25, 2026
ClearQuote Cookie Notice
Last updated: May 14, 2026
What Are Cookies
Cookies are small text files that a website places on your browser when you visit. They are used to keep you logged in, remember your preferences, and make the site work correctly.
Not all websites use cookies the same way. Some use them for tracking and advertising — we do not. This notice explains exactly which cookies ClearQuote uses and why.
Cookies We Use
| Cookie Name | Purpose | Category | Duration | HttpOnly | Secure | SameSite |
|---|---|---|---|---|---|---|
sb-[project-ref]-auth-token | Authentication session — keeps you logged in to ClearQuote | Essential | Session (refreshed automatically while you are active) | No | Yes | Lax |
cq_visitor | Stable visitor key for A/B variant continuity — keeps the design variant you see consistent across refreshes | Functional | 30 days | Yes | Yes (production only) | Lax |
About the HttpOnly: No setting: The HttpOnly: No setting is required by the Supabase authentication library (@supabase/ssr) for client-side token refresh. Without JavaScript access to this cookie, the authentication library cannot silently refresh your session when it expires. The cookie is protected by the Secure and SameSite=Lax attributes, which prevent it from being sent over unencrypted connections or in cross-site requests.
Analytics
We use PostHog to see how people navigate the site. On public pages — the landing page, legal docs, and signup — PostHog stores nothing in your browser, not even for the length of your visit. After you log in, your browser holds a small amount of data locally so we can see how features are used over time.
PostHog runs through a reverse proxy at /ph/* on this domain, so analytics requests look the same as any other request to clearquoteapp.com — no third-party domain is contacted from your browser.
We also set a single first-party cookie (cq_visitor) that contains a random visitor identifier used to keep the design variant you see consistent across page refreshes during A/B tests. This cookie holds no behavioral data — only a stable key for routing visitors to one design or another.
PostHog is listed on our Subprocessors page.
What We Do Not Use
We do not use cookies for advertising or cross-site tracking. We do not use third-party tracking cookies. We use PostHog for product analytics — see the Analytics section above for the details. On public pages PostHog stores nothing; after you log in your browser holds a small amount of analytics data locally.
No third-party cookies on this domain. You might expect Stripe (our payment processor) or other services to set cookies. They do not set cookies on clearquoteapp.com. Stripe operates as a redirect flow — when you check out, you leave and return, and Stripe does not place cookies on our domain. All other subprocessors (Anthropic, Google, GitHub, Resend, Upstash, Vercel) are server-side only. PostHog is browser-side but reverse-proxied through /ph/* so it never sets a third-party cookie on this domain.
Why We Don't Ask for Cookie Permission
Because we only use essential cookies required for the Service to function, we do not display a cookie pop-up or permission dialog. There is no meaningful choice to offer — the authentication cookie is necessary to keep you logged in. Our analytics (PostHog) does not use cookies on public pages and uses only first-party browser storage after you log in, so no consent banner is required for it either.
We believe showing a cookie permission dialog for a cookie you cannot decline (because it makes the site work) would be misleading, not helpful.
Contact
If you have questions about our use of cookies, contact us at support@clearquoteapp.com.
ClearQuote Cookie Notice — Last updated: May 14, 2026