Cookie Policy
Last Updated: 19 May 2026
This Cookie Policy explains how Vaultlet LLC ("Vaultlet," "we," "us," or "our") uses cookies and similar browser-storage technologies on our platform.
What Are Cookies?
"Cookies" is a common term for small pieces of data a website stores on your device. In this policy we use it broadly to also cover similar technologies such as localStorage and sessionStorage, which work the same way from a privacy standpoint and are treated identically under EU and UK law.
What We Currently Store
We aim to keep client-side storage to the minimum required to run the product. Today, that is:
Essential
These are required for Vaultlet to work and for us to honor your privacy choices. They cannot be turned off.
| What | Where | Why |
|---|---|---|
| Your cookie consent decision | localStorage | Remembering whether you accepted, rejected, or customized this banner. |
| Your active session, when you sign in | localStorage / sessionStorage | Keeping you signed in and remembering the work in progress on the current page (e.g., selected documents, current Vaultlet request). |
Functional (off by default)
If you turn this on in the consent banner, we may use additional localStorage entries to remember your preferences across sessions - for example, dark-mode preference or recently used items. We do not use functional storage unless you opt in.
Analytics
We use PostHog to understand how the product is used in aggregate - for example, which pages are visited, how often features are used, and where errors occur. This helps us prioritize improvements.
PostHog is hosted in the European Union (eu.i.posthog.com); analytics data does not leave the EU. PostHog stores its state in your browser's localStorage under keys prefixed ph_ and __ph_ (for example ph_<project-token>_posthog, which holds an anonymous device ID and session state, and __ph_opt_in_out_<project-token>, which records your opt-out choice). PostHog does not require third-party cookies in our configuration.
We do not pass identifiers that would let PostHog link analytics events to your Vaultlet account.
Current state of the consent gate. While we complete the integration, PostHog initializes on page load and you are opted in by default. You can opt out at any time:
- From the cookie banner, reject the analytics category. Your choice is stored in
vaultlet.cookie-consentand we will honor it once the banner is fully wired to PostHog. - Run
posthog.opt_out_capturing()from your browser's developer console, which sets__ph_opt_in_out_<project-token>=0and stops further capture on this device. - Clear all
ph_*and__ph_*entries from your browser's site data and use private browsing to keep them from being re-created.
We will update this section, and bump the consent banner version, once the cookie banner directly gates PostHog initialization.
Third-Party Storage
The following third party may set storage on our pages:
| Provider | Purpose | More information |
|---|---|---|
| PostHog (EU-hosted, Inc.) | Aggregated product usage analytics, hosted in the EU | PostHog Privacy Policy |
If we add other third-party integrations in the future (for example, an authentication provider), we will list them here before the integration is enabled.
Your Choices
In the banner
You can accept all categories, reject all optional categories, or customize per category from the cookie banner that appears on your first visit. Your choice is stored on your device and applies across the Vaultlet apps. To change it later, clear the vaultlet.cookie-consent entry from your browser's site data and reload - the banner will re-appear.
In your browser
You can also control cookies and storage through your browser settings. Most browsers let you:
- View what's stored for a site
- Delete individual entries or all of them
- Block specific origins or all third parties
Blocking essential storage may prevent the platform from functioning - for example, you may not be able to stay signed in.
Storage Duration
- Session storage: cleared when you close the browser tab.
- Persistent storage (
localStorage): remains on your device until you delete it or change your consent choice.
Authentication state, when present, expires after a period of inactivity defined by the auth provider in use at the time.
Do Not Track
We do not currently respond to "Do Not Track" browser signals. You can control storage through the cookie banner or your browser settings as described above.
Updates to This Policy
We may update this Cookie Policy as the product changes. When we do, we'll bump the consent banner version so you're asked again on your next visit.
Contact Us
If you have questions about our use of cookies, please contact us:
Vaultlet LLC 148 South Jackson Street, Denver, CO 80209 USA