Cookie Policy

InvestSign uses a small, named set of cookies and localStorage keys. We do not load any third-party tracking pixel, advertising network, or fingerprinting script.

Categories

We group storage into three categories. The first is required to run the app; the other two are opt-in and you can change your choice on this page at any time.

1. Essential

Strictly necessary for the service to function. Cannot be disabled.

• investsign.token (localStorage, session) — your JWT after sign-in. Cleared when you sign out.
• investsign.consent.v1 (localStorage, persistent) — the choices you made on the cookie banner, plus the timestamp of that choice. Acts as our consent receipt.
• theme (localStorage, persistent) — light / dark / system preference, set by next-themes.

2. Analytics — opt-in

Records page visits and coarse interactions so we can see which parts of the matrix get used. Self-hosted; no third-party tracker.

• Server-side analytics_event rows — created by POST /api/v1/analytics/event when you’ve enabled this category.
• Each row stores: a truncated IP (last IPv4 octet zeroed), the User-Agent string capped at 255 chars, the event name, the path, and any explicit properties we attached.
• Retention: 90 days, then automatically pruned.

3. Preferences — opt-in

Reserved for future per-account UI state (saved filters, expanded rows, etc.). Not yet collected — when we start using this category we’ll re-prompt for consent.

Your current choice

Right to withdraw

You can flip analytics off here at any time. After you do, we stop recording new analytics events on the next page load. Existing rows age out under the 90-day retention; if you want them deleted immediately, email privacy@investsign.io.

Related

See the Privacy Policy for the full data story and the Terms of Service for the legal frame.