Legal document \u00b7 Version 1.0
Cookies Policy
- Effective date
- 2026-01-01
- Last updated
- 2026-04-21
- Document ID
- WS-LEG-COOK-001
- Supersedes
- None
Notice. This page is an informational summary and does not constitute legal advice. Where cookie consent is required by law, we collect it through an on-site consent banner before setting any non-essential cookie.
\u00a7 1. What a cookie is
A cookie is a small text file placed on your device by a website. Cookies allow the site to recognise your browser, to maintain preferences across pages, and to collect aggregate data about how the site is used. We also use comparable technologies — local storage, session storage, and server-side logs — for similar purposes, which we treat the same way as cookies.
\u00a7 2. Categories we use
We use three categories of cookies. Strictly-necessary cookies are set by default because the site cannot function without them. All other categories are set only with your consent.
- Strictly necessary. Required for core functionality — session routing, CSRF protection, consent record, and fraud prevention. Cannot be disabled.
- Analytics. Aggregate measurement of page views, scroll depth, and navigation paths. Set only after you opt in. IPs are truncated before storage.
- Performance. Uptime, error, and performance telemetry collected by our observability provider. Data is attributed to a pseudonymous session identifier, not an individual.
We do not use advertising cookies. We do not share cookie data with ad exchanges or data brokers.
\u00a7 3. Cookie register
The following register lists each cookie we currently set. We update this register whenever the set changes; the “Last updated” date above reflects the last modification.
Strictly necessary
- ws_session
- Session identifier
First-party. Expires at browser close. HttpOnly, Secure, SameSite=Strict.
- ws_csrf
- Cross-site request forgery token
First-party. Expires with session.
- ws_consent
- Record of your cookie preferences
First-party. Retained for 12 months, then re-prompted.
Analytics (consent required)
- ph_session
- PostHog pseudonymous session ID
First-party. Retained for 30 minutes of inactivity or at most 24 hours.
- ph_user
- PostHog pseudonymous user ID
First-party. Retained for 365 days. IPs are truncated at collection.
Performance (consent required)
- sentry_trace
- Distributed trace identifier
First-party. Retained for 90 days. Attributed to a pseudonymous session identifier.
\u00a7 4. How to control cookies
You can open the consent panel at any time by following the Cookie preferences link in the site footer. Withdrawing consent takes effect immediately and disables any non-essential cookies on your next page load. You can additionally clear cookies, block cookies from specific sites, or block all cookies from your browser settings — consult your browser’s help documentation for details.
We respect the browser Global Privacy Control signal as a valid opt-out under the California Privacy Rights Act and equivalent laws.
\u00a7 5. Third parties
The analytics and performance cookies listed above are set by our sub-processors on our behalf. We configure them to minimise data collection: IP truncation, session-level aggregation, and data-processing contracts that prohibit onward use. For the full list of sub-processors, see /legal/subprocessors.
\u00a7 6. Changes
We update this policy whenever the cookie set changes. Material changes will be notified through the consent banner. The “Last updated” date at the top of this page reflects the most recent change.
\u00a7 7. Contact
For questions about cookies or to exercise a data subject right, email privacy@wavestar.space.
Preferences
Change your cookie settings
Open the consent panel from the footer link or clear your preference cookie and we will re-prompt on the next visit. Opt-outs take effect immediately.