Cookie Policy
Effective Date: March 10, 2026 Last Updated: June 5, 2026
This Cookie Policy explains how RepairOps ("we," "us," or "our") uses cookies and similar technologies when you use the RepairOps platform at app.repairops.com, the customer portal, and the documentation site at docs.repairops.com.
1. What Are Cookies?
Cookies are small text files stored on your device (computer, tablet, or mobile phone) when you visit a website. They help the website remember your preferences, maintain your session, and improve your experience. Similar technologies include localStorage, sessionStorage, and HTTP authentication tokens.
2. Cookies We Use
RepairOps uses a minimal set of cookies — those necessary for the Service to function, to remember your preferences, and for first-party product analytics that help us understand how the staff application is used. We do not use advertising cookies, third-party ad/behavioral tracking, or cross-site tracking.
2a. Strictly Necessary Cookies
These cookies are essential for the Service to operate. They cannot be disabled.
| Cookie / Storage Key | Purpose | Duration | Set By |
|---|---|---|---|
sb-access-token | Supabase authentication session token | Session (expires on browser close or after configured timeout) | Supabase Auth |
sb-refresh-token | Refreshes expired access tokens without requiring re-authentication | 7 days | Supabase Auth |
sb-auth-token | Stores authentication state for Supabase client | Session | Supabase Auth |
__Host-next-auth | Next.js session cookie for SSO/SAML flows (Enterprise tier only) | Session | Next.js |
csrf-token | Protects against cross-site request forgery attacks | Session | RepairOps |
2b. Functional Cookies
These cookies remember your preferences and settings to provide a better experience. You can disable these, but some features may not work as expected.
| Cookie / Storage Key | Purpose | Duration | Set By |
|---|---|---|---|
theme | Remembers your dark/light mode preference | 1 year | RepairOps |
sidebar-collapsed | Remembers whether the navigation sidebar is collapsed or expanded | 1 year | RepairOps |
shop-context | Remembers which shop location you last selected (multi-shop organizations) | Session | RepairOps |
kanban-filters | Remembers your Kanban board filter preferences | Session | RepairOps |
locale | Remembers your language/locale preference | 1 year | RepairOps |
2c. Customer Portal Cookies
The customer portal uses token-based authentication (not Supabase Auth). These cookies are set when a customer accesses their repair status.
| Cookie / Storage Key | Purpose | Duration | Set By |
|---|---|---|---|
portal-token | Customer portal access token (32-byte hex) | 90 days (matches token expiry) | RepairOps |
portal-theme | Customer's dark/light mode preference in the portal | 1 year | RepairOps |
2d. Shop Floor Display Cookies
Shop floor displays use a separate authentication mechanism.
| Cookie / Storage Key | Purpose | Duration | Set By |
|---|---|---|---|
display-token | Shop floor display access token | Persistent (until revoked) | RepairOps |
2e. Product Analytics Cookies (PostHog)
RepairOps uses PostHog, a product-analytics tool, deployed as a first-party processor to understand how staff users move through the application (for example: signup, onboarding, and feature adoption). PostHog is configured for privacy: automatic event capture is off, session recording is disabled, we send only internal user/organization/shop identifiers and coarse, non-sensitive usage properties, and we honor the Do Not Track (DNT) signal. We do not enable PostHog analytics on the customer portal or shop-floor display surfaces.
| Cookie / Storage Key | Purpose | Duration | Set By |
|---|---|---|---|
ph_*_posthog | Stores an anonymous/internal analytics identifier so usage events can be grouped into a session | 1 year | RepairOps (PostHog) |
You can opt out of product-analytics cookies at any time using your browser's Do Not Track setting; see Section 6.
3. Cookies We Do NOT Use
To protect your privacy, RepairOps does not use:
- Advertising cookies — No Google Ads, Facebook Pixel, or ad network cookies
- Cross-site / third-party tracking — No cross-site tracking, ad networks, or behavioral advertising profiles
- Third-party analytics that share your data — No Google Analytics, and no analytics tool that resells or shares your data for advertising. Our product analytics (PostHog, see Section 2e) is first-party, used solely to improve the Service, and is not used for advertising or cross-site tracking.
- Social media cookies — No Facebook, Twitter, or LinkedIn tracking widgets
- Fingerprinting — No browser fingerprinting or device identification beyond standard session management
Our product analytics is limited to the staff-facing application. We do not run behavioral analytics on the customer portal, shop-floor displays, payment screens, or other sensitive surfaces.
4. Third-Party Cookies
The following third-party services may set cookies when you interact with embedded features:
| Service | When Set | Purpose | Their Policy |
|---|---|---|---|
| Stripe | When you visit the billing page or payment forms | Payment processing session | Stripe Cookie Policy |
| Google OAuth | When you sign in with Google | Authentication handshake | Google Privacy Policy |
These cookies are set by the respective third parties and governed by their privacy policies. RepairOps does not control these cookies.
5. localStorage and sessionStorage
In addition to cookies, RepairOps uses browser storage APIs for application state:
| Key | Storage Type | Purpose |
|---|---|---|
supabase.auth.token | localStorage | Persists authentication state across page reloads |
kanban-column-order | localStorage | Remembers custom Kanban column ordering |
recent-tickets | sessionStorage | Caches recently viewed ticket IDs for quick navigation |
draft-notes | sessionStorage | Auto-saves unsaved diagnostic notes to prevent data loss |
These are not transmitted to our servers and are stored only in your browser.
6. Managing Cookies
Browser Settings
You can manage cookies through your browser settings:
- Chrome: Settings > Privacy and Security > Cookies
- Firefox: Settings > Privacy & Security > Cookies and Site Data
- Safari: Preferences > Privacy > Manage Website Data
- Edge: Settings > Cookies and Site Permissions
Impact of Disabling Cookies
If you disable strictly necessary cookies, you will not be able to log in or use the Service. If you disable functional cookies, some preferences (like dark mode) may not persist between sessions.
Do Not Track
RepairOps respects the Do Not Track (DNT) browser signal. Since we do not use tracking cookies, DNT has no practical effect on our cookie behavior — we already do not track you.
7. Updates to This Policy
We may update this Cookie Policy to reflect changes in our practices or for legal, regulatory, or operational reasons. Changes will be posted on this page with an updated "Last Updated" date. Material changes will be communicated via email or in-app notification.
8. Contact Us
For questions about our use of cookies:
- Email: [email protected]
- Support: [email protected]