publr

Cookie policy

What cookies and similar technologies we use, why, and how to control them.

Effective:

What is a cookie?

Cookies are small text files stored by your browser that let a website remember information about your session — for instance, that you're signed in. We also use related technologies like localStorage and sessionStorage for the same purposes. This policy covers all of them.

The cookies we use

Strictly necessary

These are required for the site to function. You cannot disable them without breaking sign-in.

  • Clerk session (__session, __client) — keeps you signed in. Set by our authentication provider, Clerk. First-party, secure, HttpOnly. Lasts up to 7 days; refreshes on each visit.
  • Cloudflare bot management (__cf_bm) — distinguishes humans from bots. First-party, lasts 30 minutes per visit. Required for fraud prevention.
  • Stripe checkout (__stripe_mid, __stripe_sid) — set on the Stripe-hosted checkout page only. Required for fraud prevention by our payment processor.
  • Cloudflare Turnstile (cf_clearance) — used during the human-verification challenge on anonymous uploads. First-party, lasts 30 minutes.

Functional

These improve the experience but are not strictly required.

  • Theme preference (publr.theme, localStorage) — remembers light/dark mode. First-party. Lasts indefinitely (cleared on sign-out or by clearing site data).
  • Language preference (publr.lang, localStorage) — remembers your selected locale (pt-BR or en-US). First-party.

Analytics

We use privacy-preserving analytics. None of these cookies store personally-identifiable information.

  • Amplitude device ID (amp_*, localStorage) — anonymous device identifier for product analytics in the dashboard. Set on the dashboard and admin domains only; not on the marketing site or public URLs. Retention: 12 months.
  • Public-URL analyticsno cookie is set on visitors of publr.site URLs. Analytics derive from a daily-rotated salt + IP + UA, hashed before storage. We never set tracking cookies on visitors of public URLs.

Marketing

We do not use cookies for cross-site tracking, retargeting or programmatic advertising. We don't include third-party ad networks (Google Ads, Facebook Pixel, TikTok Pixel, etc.) on any page.

How to control cookies

You can clear, block or limit cookies in your browser settings. Disabling strictly-necessary cookies will break sign-in but will not affect your ability to view public publr URLs.

You can also opt out of non-essential analytics in the dashboard at Account → Privacy → Analytics. Doing so disables Amplitude tracking for your account.

Do Not Track and Global Privacy Control

We respect Global Privacy Control (GPC) signals. When your browser sends a GPC header, we treat it as an opt-out from non-essential tracking — this disables Amplitude on the dashboard for your visit. We honour DNT: 1 the same way for legacy browsers.

Updates to this policy

If we add a new cookie or change retention windows, we update this page and (for material changes) ping you in the dashboard. The effective date at the top reflects the latest update.

Questions?

Cookie-related queries: privacy@publr.host. For everything else, our privacy policy goes deeper into what data we hold and your rights under LGPD and GDPR.