Veritrellis

Cookie Policy

Last updated: 2026-05-23 Effective date: 2026-05-23

Cookie Policy

1. Introduction

This Cookie Policy explains how Veritrellis uses cookies, local storage, and similar technologies on its websites and applications.

Veritrellis uses essential and functional cookies or local storage needed for:

  1. user login and session management;
  2. authentication security;
  3. account and workspace access;
  4. CSRF/security protections where applicable;
  5. remembering basic UI state; and
  6. operating the customer app.

We also use PostHog Cloud for analytics on the public marketing website and in the authenticated admin application. This is currently active in our production deployment.

3. Essential cookies

Essential cookies are necessary for the service to work and cannot be disabled through Veritrellis without breaking core functionality. These may include session cookies, authentication cookies, security cookies, and application state.

4. Functional storage

We may use browser storage for user-interface preferences, such as selected workspace, dismissed notices, analytics consent choice, or temporary UI state.

The key veritrellis_analytics_consent is stored in localStorage to remember your analytics consent choice on the marketing website.

5. Analytics cookies and storage

Veritrellis uses PostHog Cloud for web and product analytics. PostHog is a third-party analytics provider. Its privacy policy is available at posthog.com/privacy.

Marketing website (veritrellis.ai)

Analytics on the marketing website is consent-based. PostHog cookies and local storage are only activated after you accept the cookie banner.

  • If you decline, no analytics cookies or storage are set.
  • We collect page views and primary call-to-action clicks (for example “Start sandbox” or “Sign in”).
  • These events include a funnel identifier to understand the visitor-to-signup journey.
  • PostHog sets cookies with the prefix ph_ in your browser for session continuity and cross-visit identity. These are placed only after consent.

Cross-domain tracking: When you click a call-to-action that takes you from the marketing website to the admin application (app.veritrellis.ai), your anonymous PostHog identifier (phid) may be appended as a query parameter to the destination URL. This allows us to link a pre-login marketing visit to a post-login session in PostHog without sharing your personal identity across the two surfaces. The phid value is a random identifier generated by PostHog; it is not your name or email address.

If you decline analytics on the marketing website, the phid handoff does not occur.

You can withdraw marketing-site consent by clearing site data for veritrellis.ai or using the decline option when the banner is shown again after clearing stored consent.

Admin application (app.veritrellis.ai)

Analytics in the admin application is conducted on the basis of legitimate interests. No separate consent is requested. The legal basis and its justification are described in the Privacy Notice.

  • PostHog uses local storage and cookies (prefix ph_) for session continuity and workspace-scoped analytics.
  • When cross_subdomain_cookie is enabled, a shared PostHog cookie may be set for .veritrellis.ai to support identity continuity across marketing and admin surfaces.
  • We collect authenticated product usage events including: page views within the admin app, and key actions such as workspace creation, API key creation, billing checkout, approval decisions, and connector installation.
  • We record these events against a pseudonymous user identifier (your WorkOS user ID) and your workspace ID.
  • We do not send to PostHog: authorization payloads, permit tokens, API key secrets, policy rule contents, action request data, or other Customer Content.

If you wish to object to analytics processing in the admin application, contact privacy@veritrellis.ai. We will assess your request under the applicable legitimate interests basis.

Server-side events

In addition to browser-side analytics, Veritrellis servers send certain conversion events directly to PostHog at the time of key actions (such as sign-in or workspace creation). These events are sent using your WorkOS user ID as the identifier and do not include session cookies or IP addresses.

6. Managing cookies

You can control cookies through your browser settings. Blocking essential cookies may prevent login, account access, or use of the app. Clearing site data will also clear your stored analytics consent choice, and the marketing-site cookie banner will reappear on next visit.

7. Changes

We will update this Cookie Policy when our cookie practices change. Material changes will be communicated through the website or other reasonable means.

8. Contact

Questions about cookies can be sent to privacy@veritrellis.ai.