Cookie Policy

Last updated: 2026-04-17

1. What Are Cookies

Cookies are small text files stored on your device when you visit a website. In addition to traditional cookies, we may also use related technologies such as localStorage, sessionStorage, and tracking pixels to provide and improve our service. These technologies serve similar purposes and are governed by this policy.

2. How We Use Cookies

We use cookies for the following purposes:

  • Authentication: to keep you signed in and maintain your session
  • Preferences: to remember your cookie consent choices
  • Analytics: to understand how visitors interact with our service (only with your consent)

When you decline analytics cookies, we still collect aggregate, anonymous usage statistics using privacy-preserving technology that does not set cookies or store any data on your device. This data cannot identify you individually and is used solely for internal audience measurement under our legitimate interest.

We do not use any advertising or marketing cookies.

3. Cookie Declaration

Necessary Cookies (Always Active)

These cookies are essential for the service to function and cannot be disabled.

NameProviderPurposeDuration
wos-sessionWorkOSAuthentication sessionSession
pl_cookie_consentPeeklitStores cookie consent preferences1 year (accept) / 1 month (reject)
__sessionPeeklitApplication session managementSession
pl_verifiedPeeklitMarks a viewer as having completed email verification on a previous link from the same organization, so they can skip OTP on subsequent links from that organization. Strictly necessary — set only after the viewer explicitly initiated verification.14 days

Analytics Cookies (Consent Required)

These cookies are only set after you give explicit consent.

NameProviderPurposeDurationType
ph_*PostHogPage views and feature usage1 year1st party (via proxy)
ph_phc_*PostHogSession recording1 year1st party (via proxy)

4. Third-Party Cookies

The following third-party services may set their own cookies when you use Peeklit:

  • WorkOS — for authentication and identity management
  • PostHog — for product analytics (consent-based, proxied through our domain)

5. Legal Basis

  • Necessary cookies: exempt from consent requirements under the ePrivacy Directive as they are strictly necessary for the service to function.
  • Analytics cookies: require your explicit consent under GDPR Article 6(1)(a). They are only activated after you opt in through our cookie consent banner.
  • Anonymous audience measurement: based on our legitimate interest (GDPR Art. 6(1)(f)) in understanding aggregate service usage. No cookies are set, no persistent identifiers are created, and no individual identification is possible. This is consistent with the AEPD's guidance on audience measurement exemptions.

6. Data Collected via Cookies

Essential cookies collect

  • Authentication tokens and session identifiers
  • Cookie consent preferences

Analytics cookies collect

  • Anonymized IP address
  • Browser type and version
  • Pages visited and navigation paths
  • Feature interactions and click events

Anonymous audience measurement collects

  • Anonymized page view counts
  • Browser type (aggregated)
  • Country-level geographic data (aggregated)
  • Referring source (aggregated)

This data is processed using a daily-rotating, irreversible hash. No raw IP addresses or user agents are stored. Individual visitors cannot be identified or tracked across sessions.

7. Managing Your Preferences

You can manage your cookie preferences at any time by clicking the "Manage cookies" link in the footer of any page on Peeklit.

You can also control cookies through your browser settings. Here are links to cookie management instructions for major browsers:

Please note that disabling essential cookies may impair the functionality of the service.

8. Cookie Retention

Your cookie consent preference is stored for 1 year if you accept analytics cookies, or 1 month if you reject them. After your consent preference expires, you will be prompted again to make your choice.

9. Consent Records

For logged-in users, we store your cookie consent decision along with a timestamp on the server side. This allows us to demonstrate valid consent as required by GDPR Article 7(1), which mandates that controllers be able to prove that consent was given.

10. International Considerations

Our cookie practices are designed to comply with the following regulations:

  • EU/EEA: General Data Protection Regulation (GDPR) and the ePrivacy Directive
  • United Kingdom: UK GDPR and the Privacy and Electronic Communications Regulations (PECR)
  • California: California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA)

11. Changes to This Policy

If we make material changes to how we use cookies, we will request your consent again through the cookie banner. Minor clarifications or editorial changes will take effect immediately upon posting the updated policy.

12. Contact

For any questions about this Cookie Policy, please contact us at hello@peeklit.com.