Plain English: We set two kinds of cookies — one to keep you signed in, one (optional) to see which parts of the app actually get used. You can reject the optional one at any time using the banner at the bottom of the page.
Strictly necessary cookies
These are required for the app to function. You can't opt out of them without breaking sign-in.
| Cookie | Purpose | Lifetime |
|---|---|---|
| tasksally_session | Authenticated session token (iron-session) | 14 days, sliding |
| tasksally_csrf | CSRF defense for form submissions | Session |
| tasksally_consent | Records your choice on this banner | 1 year |
| ta_utm_*, ta_referrer, ta_landing_path | First-touch signup attribution. Set when you land on a marketing page; read once when you create an account so we can see which channel sent you. First-party only, never shared with third parties. | 90 days |
Analytics (optional)
Only set if you click Accept all on the banner. Reject = these never get set.
| Vendor | Purpose | Data sent |
|---|---|---|
| PostHog | Product analytics (which features get used, funnel + retention) | Page views, button clicks, anonymized user id. No task content, no email bodies. |
| Google Analytics 4 | Marketing-site analytics (page views, conversions for paid-ad ROI) | Anonymized IP, page paths, referrer. Off when NEXT_PUBLIC_GA_MEASUREMENT_ID is unset, and only loads after you accept on the banner. |
How to opt out
- In-app banner: click Reject all at the bottom of any enrevia-taska.com page. Your choice persists for a year.
- Change your mind: clear cookies for enrevia-taska.com in your browser settings and the banner reappears.
- Browser-level controls: most browsers let you block third-party cookies entirely. We don't set any third-party cookies, so this won't break sign-in.
Do Not Track
We honour the Do Not Track browser signal: if your browser sends DNT=1 we treat that as an implicit Reject all and skip the banner.