Effective: 2026-05-01Last updated: 2026-04-27Version: 1.0.0
How InsightOpus Inc. uses cookies and similar tracking technologies, why we use them, how long they persist, and how you can control them.

Introduction

This Cookie Policy explains how InsightOpus Inc. ("InsightOpus", "we", "us") uses cookies and similar technologies when you visit insightopus.com, the InsightSignal web application at signal.insightopus.com and insightsignal.com, or any other website or service we operate (together, the "Service"). It is incorporated by reference into our Privacy Policy.

What cookies are

A cookie is a small text file that a website stores on your device so that the site can recognize your browser on subsequent visits. Similar technologies include web beacons (also known as pixels or clear GIFs), local storage, session storage, and device identifiers; this policy covers them collectively as "cookies".

Cookies may be set by us directly ("first-party cookies") or by a third party loaded through the Service ("third-party cookies"). They may last only for the duration of your browser session ("session cookies") or persist across visits until they expire or you delete them ("persistent cookies").

Categories of cookies we use

We classify cookies into four categories based on purpose. For each category below, you will find the typical vendor, whether the cookie is strictly necessary, and how you can control it.

1. Strictly necessary cookies

These cookies are required for the Service to function and cannot be disabled through our consent controls. Turning them off in your browser will break core functionality such as signing in, staying signed in, or completing a purchase.

CookieProviderPurposeDuration
Session token (SuperTokens)First-partyKeeps you signed in to the InsightSignal app and scopes requests to your account.Session; rotates on re-authentication
Anti-CSRF tokenFirst-partyProtects against cross-site request forgery during authenticated actions.Session
Stripe checkout cookies (__stripe_mid, __stripe_sid)Stripe, Inc.Enable secure payment processing on billing pages and help Stripe detect fraud.__stripe_mid: 12 months; __stripe_sid: 30 minutes
Load-balancer / edge cookiesFirst-party and CloudflareRoute your requests to a consistent backend and filter abusive traffic.Session to 30 days

Lawful basis (GDPR/ePrivacy): necessary for the performance of the contract (ePrivacy Directive Art. 5(3) "strictly necessary" exemption). No consent required.

2. Functional cookies

These cookies remember choices you have made so that you do not have to re-enter them on every visit.

CookieProviderPurposeDuration
insightopus-themeFirst-partyRemembers whether you have selected the light or dark theme. Stored in browser local storage, not a traditional cookie.Until cleared by the user
Language preferenceFirst-partyRemembers the language you have selected for the interface.12 months
Cookie-consent stateFirst-partyRecords your choices on the cookie consent banner so we do not re-prompt.12 months

Lawful basis: consent where required. These cookies are set only after you accept them in the consent banner, except where you have actively configured the preference they store (in which case the cookie is necessary to honor your choice).

3. Analytics cookies (opt-in/opt-out)

We use analytics to understand how the Service is used so that we can improve it. Analytics are disabled by default in jurisdictions that require prior consent (EEA, UK, Switzerland, and any other jurisdiction that requires opt-in consent for non-essential cookies). Elsewhere they are enabled by default but you may opt out at any time from the consent banner, from your profile's privacy settings in the InsightSignal app, or via Global Privacy Control.

CookieProviderPurposeDuration
ph_*PostHog Inc.Product analytics: page views, feature usage, funnel completion, performance. Pseudonymous; we do not use it for cross-site behavioral advertising.Up to 12 months
Session replay (disabled by default)PostHog Inc.When explicitly enabled by us for a debugging investigation, captures de-identified interaction events for the specific session. Off by default.Session

Lawful basis: consent (GDPR Art. 6(1)(a); ePrivacy Directive Art. 5(3)).

4. Marketing and advertising cookies

We do not currently set marketing or advertising cookies on our Service. We do not sell or share personal information for cross-context behavioral advertising under the California Consumer Privacy Act (CCPA/CPRA), nor do we engage in "targeted advertising" as defined by the Virginia, Colorado, Connecticut, Utah, or Texas consumer privacy acts. If this changes in the future, we will update this page, add the relevant cookies to the consent banner, and honor opt-out signals before any such cookie is set.

Your choices

The first time you visit the Service from a jurisdiction that requires prior consent, you will see a banner allowing you to accept all non-essential cookies, reject all non-essential cookies, or configure your choices by category. You can reopen the banner at any time through the "Cookie preferences" link in the site footer.

Browser controls

Most browsers let you block or delete cookies through their settings. Useful links:

Note that blocking strictly necessary cookies through your browser may prevent the Service from working.

Global Privacy Control

We respect the Global Privacy Control (GPC) signal. When we detect a GPC signal on your browser we treat it as a valid opt-out of any non-essential cookies and of any "sale" or "sharing" of personal information under applicable US state privacy laws, even if you have not explicitly used our consent banner.

In-app privacy settings

If you hold an InsightSignal account, you can toggle analytics off at any time under Profile → Privacy & Data. This setting applies across devices signed in to the same account and is separate from the cookie consent banner.

Do Not Track

Because no consistent industry standard for interpreting the browser "Do Not Track" (DNT) signal has emerged, we do not currently respond to DNT. We do, however, honor the Global Privacy Control signal described above.

Children

The Service is not directed to children, and we do not knowingly set cookies on the devices of children under 13 (or under 16 where GDPR applies). See the Privacy Policy for details.

Changes to this policy

We may update this Cookie Policy from time to time. Substantive changes will be reflected in a new version number and effective date in the frontmatter above. For material changes that reduce user rights, we will give at least 30 days' advance notice as required by the Privacy Policy.

Contact

Questions about this Cookie Policy or your cookie choices: [email protected].