1. Introduction
Klystrr ("we", "our", "the platform") uses cookies and similar storage technologies to operate the platform, remember your preferences, and β with your consent β understand how you interact with the product.
This Cookie Policy explains which technologies we use, why we use them, and how you can manage your choices.
This policy should be read alongside our Privacy Policy and Terms of Service.
3. Why we use them
- Authentication and security β Keep user sessions active and transmit access tokens to the API.
- Session management β Store temporary state needed for dashboard navigation (e.g. sidebar state).
- OAuth flows and import wizard β Retain intermediate data during OAuth login redirects and the application migration wizard.
- User preferences β Remember your display theme and login choices to improve the experience on your next visit.
- Analytics (with consent) β Understand how users interact with the platform in order to improve onboarding, detect friction in deployments, and improve the product experience.
- Marketing (future, with consent) β Klystrr does not currently use marketing trackers. If such tools are added in the future, consent will be requested before activation.
4. Categories
Klystrr classifies storage technologies into four categories:
- Strictly necessary β Required for the platform to function. Cannot be refused without preventing login, deployments, or dashboard use.
- Preferences β Improve user experience but are not essential to core functionality. Can be cleared without affecting key features.
- Analytics β Used to understand product usage. Require your consent. Not active until consent is given.
- Marketing β Not currently used. Reserved for future use. Will require your consent if activated.
5. Strictly necessary technologies
These items are required for Klystrr to work properly. They do not require prior consent, but you have the right to be informed about them.
Technical note β Authentication tokens (token and refreshToken) are currently stored in localStorage. A migration to secure httpOnly cookies is planned to improve security against XSS attacks.
| Name | Type | Duration | Purpose | Third party | Category |
|---|---|---|---|---|---|
sidebar_state | Cookie / browser storage | 7 days | Remembers the sidebar open/closed state. | No | Strictly necessary |
token | localStorage | Until logout or JWT expiration | Maintains the authenticated session. Sent as a Bearer token to the API. A migration to secure httpOnly cookies is planned. | No | Strictly necessary |
refreshToken | localStorage | Until logout | Renews the access token without forcing the user to log in again. A migration to secure httpOnly cookies is planned. | No | Strictly necessary |
git_link_provider | sessionStorage | Current session (tab) | Temporarily stores the selected Git provider (GitHub, GitLab) during OAuth redirect and callback. | No | Strictly necessary |
wizard_imported_app_id | sessionStorage | Current session (tab) | Temporarily stores the imported application ID during the migration/import wizard. | No | Strictly necessary |
wizard_mode | sessionStorage | Current session (tab) | Temporarily stores the current wizard mode during navigation. | No | Strictly necessary |
6. Preference technologies
These items improve your experience but are not essential to the core technical operation of the platform. They persist in your browser until you clear them manually or the application removes them.
| Name | Type | Duration | Purpose | Third party | Category |
|---|---|---|---|---|---|
rememberMe | localStorage | Persistent (until cleared) | Remembers the user's "Remember me" choice on the login page. | No | Preferences |
theme | localStorage | Persistent (until changed or cleared) | Remembers the selected display theme (dark mode or light mode). | No | Preferences |
7. Analytics β PostHog
Klystrr integrates PostHog, an open-source product analytics tool. PostHog is currently integrated in the codebase but not yet initialized. No PostHog cookies or trackers are placed in your browser until you give analytics consent.
When PostHog analytics is activated (only after consent), it may be used to understand how users interact with the platform, improve the onboarding process, detect friction points during deployments, and improve the product experience.
| Name | Type | Duration | Purpose | Third party | Category |
|---|---|---|---|---|---|
ph_<token>_posthog | Analytics cookie / tracker | ~1 year | Visitor identification, device/session analytics, referrer information, product usage analytics. | PostHog (us.i.posthog.com) | Analytics |
ph_<token>_posthog_ses | Analytics session cookie | Session | Maintains the current analytics session. | PostHog (us.i.posthog.com) | Analytics |
User identification
After consent, Klystrr may identify authenticated users in PostHog by transmitting the following data: user ID, email address, first name, and last name. These are personal data under GDPR. Processing through PostHog may involve a transfer to PostHog infrastructure, including servers located in the United States via the endpoint us.i.posthog.com. This is consistent with our Privacy Policy, in particular the data sharing section.
Types of events collected
After consent, PostHog may collect events related to authentication (login, registration, verification), public navigation (pages viewed, interactions), dashboard usage (server and project creation), deployments (triggered, succeeded, failed), Git integrations, and account actions. No source code, server configuration, or deployment content is transmitted to PostHog.
8. Marketing
Klystrr does not currently use any marketing cookies or advertising trackers.
This category is reserved for future use. If marketing tools are integrated later β such as conversion pixels, retargeting trackers, or advertising measurement tools β your explicit consent will be requested before activation.
None of these tools are currently active on Klystrr.
9. Managing your choices
You have several ways to manage cookies and browser storage:
- Browser settingsβ Most browsers allow you to view, block, or delete cookies, localStorage, and sessionStorage. Consult your browser's help documentation for specific instructions.
- Cookie banner or settingsβ Where available, you can manage your consent preferences directly from the cookie banner or the application's cookie settings, when this feature is made available.
- Withdrawing consent β You can withdraw your analytics consent at any time. Withdrawal takes effect immediately for future data collection. It does not affect data already collected.
Deleting strictly necessary technologies (in particular authentication tokens) will log you out of the platform.
10. Refusing optional cookies
If you refuse optional cookies, or if you clear preference technologies:
- The Klystrr application remains fully usable.
- Authentication, deployments, and all core features continue to work normally.
- Strictly necessary technologies remain active β they are required for the platform to function.
- PostHog is not initialized, no analytics trackers are placed, and no usage data is transmitted.
- No visitor identification, autocapture, or session replay is performed.
11. Policy updates
This Cookie Policy may be updated when Klystrr changes its storage, analytics, or marketing tools. In the event of a material change β for example, activating PostHog or adding marketing tools β we will notify you by email or via an in-app notification, and we will update the "last updated" date at the top of this page.
12. Contact
For any questions regarding this Cookie Policy or the management of your personal data:
privacy@klystrr.app