Cookie Policy
What we store on your device, why, and how to control it. We run analytics in cookieless mode by default, so no consent is required for the baseline experience. Last updated 2026-07-07.
What cookies are
Cookies are small text files a website stores on your device. We also use similar technologies (localStorage, sessionStorage, in-memory identifiers) for the same purposes. Throughout this policy, "cookies" refers to all of these.
What we do and do not do by default
By default, when you load any annnimate.com page, we set only strictly-necessary cookies plus our analytics tool running in cookieless mode. No analytics cookie or localStorage entry is written to your device unless you explicitly opt in via the cookie preferences modal in our footer.
Under § 25 of the German TDDDG (Telekommunikation-Digitale-Dienste- Datenschutz-Gesetz) and Article 5(3) of the ePrivacy Directive, no consent is required for strictly-necessary cookies, and no consent is required for our default cookieless analytics configuration because nothing is stored on your device.
Categories of cookies we use
Strictly necessary (no consent needed)
Required for the website to work. Without them, you can't sign in, check out, or have your consent choices remembered.
Functional (consent-based)
Optional cookies that improve your experience — like remembering your preferred theme or chat-widget state. Only set after you opt in via the preferences modal.
Analytics — cookieless by default
We use PostHog for product analytics. By default, PostHog runs in cookieless mode: it stores nothing on your device. If you opt in via the preferences modal, we upgrade to full mode and PostHog sets cookies and localStorage to identify return visits and optionally record sessions.
Referral
We do not use advertising or cross-site tracking cookies. The one exception is a single first-party referral cookie (anm_ref), described in the full list below. It is set only if you arrive through a partner's link, stores only that partner's code and the time you arrived, and is used solely to credit that partner for referring you. It is never shared, never combined with other data, and never used to profile you or track you across other websites.
The full list
Authentication, checkout, consent
- sb-access-token (Supabase) — authenticated session. Expires when you sign out or after 1 hour without renewal.
- sb-refresh-token (Supabase) — refreshes your session for up to 7 days.
- __stripe_mid (Stripe) — fraud-prevention identifier set only on checkout pages. Expires after 1 year.
- __stripe_sid (Stripe) — short-lived checkout identifier. Expires after 30 minutes.
- annnimate_consent — your cookie preferences. Expires after 1 year.
- anm_anon_id — a random identifier set only when you vote or submit a suggestion on the roadmap without an account. It prevents duplicate votes and remembers what you voted for. It is not used for analytics or tracking and is never combined with other data. Expires after 1 year.
- anm_lead_email — the email address you entered, set only when you subscribe to the newsletter, request the Starter Pack, send a contact message, leave a reply email on a roadmap suggestion, or enter your email when starting a checkout. Used solely to prefill the checkout email field and to deliver your receipt and sign-in link. Not used for analytics or tracking. Expires after 30 days.
Partner attribution
- anm_ref — set only if you arrive through a partner's referral link. Stores the partner's code and the time you arrived, so that if you later purchase we can pay that partner their agreed referral commission. First-party, never shared, never used for advertising or cross-site tracking, and never combined with other data about you. Expires after 60 days.
Set when you enable full mode
- ph_* (PostHog) — PostHog identity, session, and event-queue entries. Expires after 1 year.
- ph_*_localStorage / sessionStorage — same purpose as the cookies, persisted in browser storage.
Set when you enable functional cookies
- crisp-client/* (Crisp) — keeps your live-chat session continuous across pages. Loaded and set only after you enable functional cookies in the preferences modal. Expires after 6 months.
Reverse-proxy path
Third parties
The processors that set or read cookies through our website are listed in our Privacy Policy. Each has its own privacy policy and we maintain a data processing agreement with each.
How to manage your cookies
You can change your preferences any time:
- Click the cookie preferences link in our footer to open the consent modal. Toggle analytics and functional cookies on or off.
- Use your browser's privacy settings to block or delete cookies. Note that blocking essential cookies will break sign-in and checkout.
- If you signed in via magic link, signing out clears authentication cookies.
Revoking analytics consent immediately stops new analytics cookies being set and clears existing ones on your next page load.
Updates to this policy
We update this policy whenever the cookies we use change. The "last updated" date at the top of the page reflects the most recent revision. Material changes (new categories, new third parties) are announced in our changelog and via email to active subscribers.
Questions
Email support@annnimate.com with any questions about cookies or other data practices.
