InstaRedact — Cookie Policy
Effective Date: January 1, 2026 Last Updated: May 2, 2026
1. Introduction
This Cookie Policy explains how Olmsted Tech LLC ("InstaRedact," "we," "us," or "our") uses cookies and similar tracking technologies on the InstaRedact website and platform located at instaredact.com (the "Site").
This policy should be read alongside our Privacy Policy and Terms of Service, both of which are incorporated by reference.
For visitors in the United States (our primary audience), we use a notice + opt-out approach for analytics and advertising cookies managed through our cookie tool (Klaro): those categories are on by default, and you may turn them off or adjust categories at any time via Cookie preferences in the Site footer or the choices in the banner.
Where stricter laws apply (for example in the EEA, UK, or Switzerland), we rely on the same tool and your stored choices to respect applicable consent requirements for non-essential cookies and similar technologies.
2. What Are Cookies?
Cookies are small text files placed on your device (computer, tablet, or phone) by a website when you visit it. They are widely used to make websites work efficiently, to remember your preferences, and to provide information to website operators.
In addition to cookies, we may use related technologies such as:
- Local Storage / Session Storage — Browser-based key-value stores used to persist data across or within browsing sessions without expiration dates.
- Pixel tags / web beacons — Tiny transparent images embedded in pages or emails that signal when content has been accessed.
- Device fingerprinting — Technical attributes of your browser and device used to identify and authenticate sessions.
For the purposes of this policy, all of the above are referred to collectively as "cookies."
3. Categories of Cookies We Use
We classify cookies into four categories based on their purpose:
3.1 Strictly Necessary Cookies
These cookies are essential for the Site and Service to function. They cannot be disabled without breaking core functionality such as authentication, security, and session management. They do not require your consent under applicable law.
3.2 Functional Cookies
These cookies enable enhanced features and personalization, such as remembering your preferences. They are not strictly necessary but improve your experience.
3.3 Analytics / Performance Cookies
These cookies help us understand how users interact with the Site — which pages are visited, how long users stay, and where errors occur. This information is used in aggregate to improve the Service.
3.4 Marketing / Advertising Cookies
These cookies are used to deliver relevant communications and, where applicable, measure the effectiveness of campaigns. For U.S. visitors they are on by default until you opt out in our cookie tool; where applicable law requires prior consent, we rely on your choices in that tool.
4. Cookies Set by InstaRedact and Our Providers
The following tables list the specific cookies set on the Site, including those placed by our third-party infrastructure partners. Because some cookie names (such as PostHog's analytics cookie) are dynamically generated using your project API key, we use pattern notation where appropriate.
4.1 Authentication — Supabase
Supabase provides our database, user authentication, and backend infrastructure. When you sign in, Supabase sets cookies to maintain your authenticated session securely.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
sb-<project-ref>-auth-token |
Strictly Necessary | Stores your JWT access token and refresh token to keep you authenticated across pages and sessions. The token is encrypted and tied to your account. | Session / configurable (up to account lifetime) |
sb-<project-ref>-auth-token-code-verifier |
Strictly Necessary | A PKCE code verifier used during the OAuth authentication flow (e.g., Google sign-in). Deleted after the OAuth exchange completes. | Session (deleted on completion) |
Note: Older versions of Supabase Auth used
sb-access-tokenandsb-refresh-token. These legacy cookies may appear on some browsers but are deprecated and no longer recommended by Supabase.
Provider: Supabase, Inc. | Supabase Privacy Policy
4.2 Authentication — Google OAuth
When you choose to sign in with Google, Google's authentication service sets cookies on Google's own domain (accounts.google.com) as part of the OAuth flow. These cookies are set by Google, not by InstaRedact, and are governed by Google's Privacy Policy.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
SID |
Strictly Necessary | Digitally signed, encrypted record of your Google Account ID and most recent sign-in time. Used to authenticate and protect against cross-site attacks. | 2 years |
HSID |
Strictly Necessary | Works alongside SID to authenticate users and prevent unauthorized access to account data. |
2 years |
AEC |
Strictly Necessary | Detects spam, fraud, and abuse during Google authentication flows. | 6 months |
pm_sess |
Strictly Necessary | Ensures that requests within a browsing session are made by the user and not by a third-party site (CSRF protection). | 30 minutes |
These cookies are set on Google's domain, not instaredact.com, and InstaRedact does not have access to their values. They exist solely to facilitate the Google sign-in process at your request.
Provider: Google LLC | Google Cookie Policy
4.3 Analytics — PostHog
PostHog is our product analytics platform. It helps us understand how users navigate the Service, which features are used, and where errors occur. PostHog stores data as a first-party cookie on the instaredact.com domain — it does not track users across unrelated third-party sites.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
ph_<project_api_key>_posthog |
Analytics / Performance | The primary PostHog analytics cookie. Stores your distinct user ID and session ID to identify unique visitors across sessions, cache feature flag values, and enable session replay. The full name includes your PostHog project API key. | 365 days |
localStorage: In addition to the cookie above, PostHog uses
localStorage(the defaultlocalStorage+cookiepersistence mode) to store additional analytics properties such as event queues and feature flag states.localStoragedata is not transmitted as an HTTP cookie but remains in your browser until cleared.
Opting out: You can turn off PostHog (and other analytics technologies we describe here) via Cookie preferences in the Site footer or through the cookie banner. We also honor PostHog’s own opt-out mechanisms where applicable. You may contact us for assistance.
Provider: PostHog, Inc. | PostHog Privacy Policy
4.4 Payment Processing — Stripe
Stripe is our payment processor. When you access a payment page or checkout flow on the Site, Stripe sets cookies for fraud detection and security purposes. These cookies are necessary for secure payment processing.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
__stripe_mid |
Strictly Necessary | A device fingerprint identifier set by Stripe at the start of a browser session. Used to identify the device for fraud prevention and detection purposes across Stripe-powered payment flows. | 1 year |
__stripe_sid |
Strictly Necessary | A short-lived session identifier set by Stripe during payment processing. Used to verify that requests during a checkout session originate from a legitimate user, not from malicious actors. | 30 minutes |
Stripe may also set additional cookies or use local storage for fraud prevention purposes that are not listed above. For the complete and most up-to-date list, see Stripe's Cookie Policy.
Provider: Stripe, Inc. | Stripe Cookie Policy
4.5 InstaRedact First-Party Cookies
In addition to the third-party cookies described above, we may set our own first-party cookies for the following purposes:
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
klaro |
Strictly Necessary | Stores your cookie consent choices (Klaro CMP) so we can apply them on return visits. | ~120 days (see Klaro configuration) |
ir_session |
Strictly Necessary | Maintains your authenticated application session state on the server side. | Session |
ir_csrf |
Strictly Necessary | A Cross-Site Request Forgery (CSRF) protection token that validates that form submissions originate from the legitimate Site. | Session |
Note: Analytics and marketing measurement (including Sections 4.3, 4.6, 4.7, and 4.8) are enabled by default for U.S. visitors and may set or update cookies and similar storage when you use the Site, until you opt out or adjust categories in our Klaro cookie banner or Cookie preferences in the Site footer. Where applicable law requires a different standard, we apply your stored choices from the same tool. Google tags also respect Google Consent Mode signals we send from the Site.
4.6 Measurement — Google Analytics 4 (GA4)
When analytics measurement is allowed in our cookie tool (including the default-on U.S. experience until you opt out), Google Analytics 4 may set cookies to measure how the Site is used. Delivery is typically through Google Tag Manager together with Google’s consent settings.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
_ga |
Analytics / Performance | Distinguishes visitors and supports session and traffic measurement. | 2 years |
_ga_* (for example _ga_XXXXXXXX) |
Analytics / Performance | Persists session state and stores campaign-related information for GA4. The suffix identifies your GA4 data stream / property. | 2 years |
Provider: Google LLC | Google Privacy Policy | Google Analytics privacy
4.7 Measurement — Google Ads
When marketing / advertising measurement is allowed in our cookie tool (including the default-on U.S. experience until you opt out), Google Ads may set cookies for conversion measurement and attribution. Tags are typically delivered through Google Tag Manager together with Google’s consent mode.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
_gcl_au |
Marketing / Advertising | Google Click Identifier (first-party). Used for conversion linker and attribution across Google advertising services. | 90 days |
_gcl_aw |
Marketing / Advertising | Stores ad click information for conversion tracking where applicable. | 90 days |
Provider: Google LLC | Google Ads privacy
4.8 Measurement — Meta (Facebook) Pixel
When marketing measurement is allowed in our cookie tool (including the default-on U.S. experience until you opt out), Meta may set cookies for conversion measurement and ad performance through the Meta Pixel (browser). Meta Conversions API (CAPI) events are sent from our servers only when the same marketing choice is on in the cookie tool, so browser blockers do not silently leave server-side Meta measurement on when you have opted out in Klaro.
| Cookie Name | Type | Purpose | Duration |
|---|---|---|---|
_fbp |
Marketing / Advertising | Browser identifier used by Meta for advertising and conversion measurement on our domain. | 90 days |
_fbc |
Marketing / Advertising | Click identifier when you arrive from Meta ads; used for attribution. Set when applicable. | 90 days |
Provider: Meta Platforms, Inc. | Meta Data Policy
5. Additional Clarifications
Apart from the cookies and technologies described in Section 4 (and only when permitted by your consent choices and applicable law), InstaRedact does not:
- Use embedded third-party social media widgets (for example, embedded “Like” or “Share” buttons) that set additional tracking cookies on the Site beyond what this policy describes;
- Use undisclosed cross-site tracking technologies to profile you across unrelated websites outside the measurement partners listed above.
6. Your Cookie Choices
6.1 Cookie banner and preferences
We use Klaro as our cookie consent tool. You will see a notice where you can accept all, decline (where offered), or customize categories. For our primary U.S. audience, analytics and marketing are on by default; you may turn categories off at any time.
Your choices are stored (for example in the klaro cookie) and can be reopened via Cookie preferences in the Site footer. Where stricter laws apply, the same tool is used to record and respect the choices required in those regions.
6.2 Browser Controls
Most browsers allow you to control cookies through their settings. You can typically:
- View what cookies are stored and delete them individually;
- Block cookies from specific sites;
- Block all third-party cookies; or
- Clear all cookies when you close the browser.
Instructions for common browsers:
Important: Disabling strictly necessary cookies (particularly Supabase authentication cookies) will prevent you from signing in and using the Service.
6.3 Opt-Out Tools
- PostHog analytics: Use Cookie preferences in the Site footer or the cookie banner (analytics category), or contact legal@instaredact.com.
- Google Analytics 4: Use Cookie preferences or the banner (analytics category) and browser cookie controls.
- Google Ads and Meta Pixel: Use Cookie preferences or the banner (marketing / advertising categories) and browser cookie controls.
- Stripe fraud detection: These cookies are required to process payments and cannot be disabled while using paid features of the Service.
- Google OAuth cookies: These are set by Google on Google's domain when you choose to sign in with Google. You can manage them through your Google Account settings.
7. Do Not Track
Some browsers transmit a "Do Not Track" (DNT) signal to websites. At this time, there is no universally agreed-upon standard for how websites should respond to DNT signals. We do not currently alter our data collection practices in response to DNT signals alone, but we do honor choices you make through our cookie tool (Cookie preferences / banner). We may add support for additional browser opt-out signals (for example Global Privacy Control) as our implementation evolves; when we do, we will describe them here.
8. International Transfers
Some of our providers (including PostHog, Google, Meta, Stripe, and Supabase) are based in or process data in the United States. By using the Site, you consent to your cookie data being transferred to and processed in the United States and other countries, subject to the safeguards described in our Privacy Policy (Section 9).
9. Updates to This Policy
We may update this Cookie Policy from time to time to reflect changes in our cookie usage or applicable law. When we do, we will update the "Last Updated" date above. Material changes will be communicated via the Site or by email where appropriate. We encourage you to review this policy periodically.
10. Contact Us
If you have any questions about our use of cookies or this policy, please contact:
Olmsted Tech LLC (InstaRedact) 30 N Gould St Ste R, Sheridan, WY 82801 legal@instaredact.com
This Cookie Policy was last updated on May 1, 2026.