Cookie policy
What we use
We keep the list short. Below is every cookie and tracker that theStacc runs.
Essential — always on
These cookies are required for the product to work. You cannot turn them off without breaking sign-in or losing your session.
- thestacc_session · keeps you signed in to the dashboard. Set by theStacc. First-party.
- csrf_token · protects forms from cross-site request forgery. Set by theStacc. First-party.
- __cf_bm · Cloudflare bot management. Distinguishes humans from bots and blocks abusive traffic. Set by Cloudflare on every request to thestacc.com.
- cf_clearance · Cloudflare challenge cookie. Set after you pass a security challenge so you do not see it again the same session.
- __stripe_mid · fraud-prevention identifier set by Stripe whenever a payment form is loaded.
- __stripe_sid · session identifier set by Stripe, used together with __stripe_mid to detect card-testing fraud.
Analytics — optional
These cookies help us measure usage in aggregate. We use them to decide which features to build and which to remove. You can turn them off from the cookie banner.
- ph_* · PostHog analytics. Tracks anonymous events — page views, button clicks, sign-up completion. We have configured PostHog to mask every keystroke and to not record any field marked sensitive. PostHog also drops a session-recording cookie when you opt in.
Preferences — optional
These cookies remember your settings so the dashboard looks the way you left it.
- thestacc_theme · remembers your colour preference. Theme switching is not currently used, but the cookie is reserved.
- thestacc_sidebar · remembers whether the dashboard sidebar is expanded or collapsed.
- thestacc_tz · remembers your time zone so scheduled posts show the right time.
What we do not use
We do not run advertising cookies. We do not run retargeting pixels. We do not run a Facebook Pixel, Google Ads conversion tag, LinkedIn Insight tag, or any tracker that follows you across the web. Marketing pages on thestacc.com use one analytics tag (PostHog) and nothing else.
How long they live
Cookies fall into two buckets.
- Session cookies disappear the moment you close the browser. The sign-in cookie, CSRF token, and Cloudflare bot-management cookie are session-only.
- Persistent cookies stay for a fixed time. cf_clearance lasts 30 minutes. __stripe_mid lasts 12 months. PostHog cookies last 12 months. Preference cookies last 12 months.
You can delete every cookie at any time by clearing your browser data. Once cleared, the next visit starts fresh — you will need to sign in again and re-set your preferences.
Your choices
You have three ways to control cookies on theStacc.
Cookie banner
The first time you visit thestacc.com you see a banner. Choose Accept all, Reject optional, or Customize. Your choice is remembered for 12 months. You can change your mind at any time from the cookie settings link in the footer.
Browser settings
Every browser lets you block cookies, delete cookies, or get a warning before a cookie is set. The instructions differ slightly per browser:
- Chrome · Settings → Privacy and security → Third-party cookies.
- Safari · Settings → Privacy → Manage Website Data.
- Firefox · Settings → Privacy & Security → Cookies and Site Data.
- Edge · Settings → Cookies and site permissions → Manage and delete cookies.
Blocking essential cookies will break the dashboard. You will not be able to sign in.
Opt-out links
You can opt out of specific third-party cookies directly with the vendor:
- PostHog · posthog.com/opt-out or send a Do Not Track signal from your browser — PostHog honours it.
- Cloudflare · Cloudflare cookies are essential for security and cannot be opted out without losing access to protected pages.
- Stripe · Stripe cookies are only set when a payment form loads. They are essential for fraud prevention and cannot be opted out while completing a payment.
Third parties
The third parties listed below each have their own privacy policies. We have vetted each one and link to their policy below so you can read what they do with your data.
- PostHog — product analytics. posthog.com/privacy.
- Cloudflare — DDoS protection, bot management, edge CDN. cloudflare.com/privacypolicy.
- Stripe — payment processing and fraud detection. stripe.com/privacy.
We do not pass on or sell any of the data these third parties collect on our behalf. If we add a new vendor, we will update this page and update the cookie banner before the new vendor's cookies are dropped.
Changes
We update this policy when we add a vendor, remove a vendor, or change how a cookie works. Every update lands here with a new "last updated" date at the top. If the change adds a new optional cookie, the banner will ask for your consent again before the cookie is dropped.
Contact
Questions about cookies:
- Email · hello@thestacc.com
- Postal · theStacc Software Pvt. Ltd., Jaipur, Rajasthan, India
- Data Protection Officer · hello@thestacc.com
A human will write back, usually within 24 hours.