Cookie Policy
ePrivacy · PECR · UK / EU GDPR
Updated: May 2026
1. What are cookies?
Cookies are small text files a website stores on your device when you visit it. They make the site work properly, remember your preferences and, in some cases, analyse usage of the service.
Under the ePrivacy Directive (EU) and PECR (UK), cookies that are strictly necessary for the service are exempt from prior consent. For everything else we ask for your authorisation.
2. Cookies we use
Essential — no consent required
| sb-*-auth-token | Supabase. Authenticated user session. Expires on sign-out or after 7 days. |
| sb-*-auth-token.0 | Supabase. Session token fragment (segmented cookie). Same purpose. |
| canai_locale | Language preference (es/de/en). 365 days. Contains no personal data. |
| canai_country | Detected country for content personalisation. 365 days. |
Local storage (localStorage) — not cookies, but similar function
| canai_onboarding_answers | Sign-up form answers, kept locally so they are not lost if the browser closes. Removed on completion. |
| canai_cookie_consent | Records whether you accepted this cookie notice. |
| canai_rec_* | Feedback on recommendations (dismissed, saved). Device-only. |
Analytics — Vercel Analytics (active, anonymous data)
We use Vercel Analytics, which collects anonymous usage data (page views, country of origin, device type) — no cookies, no personal data stored. Data is processed on Vercel's servers (US, under SCCs / UK IDTA). More info: vercel.com/docs/analytics/privacy.
Product analytics — PostHog (consent required)
We use PostHog (hosted in its EU cloud, eu.i.posthog.com) to understand how the product is used and improve it. PostHog acts as a data processor on behalf of canAI and is only enabled after you accept the “Analytics” category in the cookie notice (legal basis: your consent, Art. 6(1)(a) GDPR and PECR/ePrivacy). Until then PostHog stays disabled and collects or stores nothing.
Once you consent, PostHog may record page views, usage events (clicks and feature interactions), performance metrics (Web Vitals), device and browser type, and a session recording. If you are signed in, events are linked to your account via an identifier. This data is processed and hosted on servers in the EU, with no transfer to third countries. PostHog retains the data according to its default settings; you can request access or erasure by emailing hola@purzi.dog. More info: posthog.com/privacy.
You can accept or reject this category, and change your decision at any time, using the “Manage cookies” link in the footer, which reopens the preferences panel. Rejecting analytics does not affect how the service works.
Google OAuth cookies (only if you sign in with Google)
If you authenticate with Google, the OAuth flow may set its own Google cookies. See Google's Privacy Policy for details. canAI only receives your verified email address from the OAuth flow.
3. Managing and deleting cookies
You can manage cookies through your browser settings:
- Chrome: Settings → Privacy and security → Cookies and other site data
- Firefox: Preferences → Privacy & Security → Cookies and Site Data
- Safari: Preferences → Privacy → Manage Website Data
- Edge: Settings → Cookies and site permissions
Blocking essential cookies will prevent the service from working correctly (you won't be able to stay signed in).
4. Changes to this policy
We will update this policy if our technology or applicable law changes. Questions? hola@purzi.dog.