← Home

COOKIE POLICY

Cookie policy

Mostly we don't use them. Here's the short list.

Last updated 2026-05-04


1. Introduction

GoSuper uses very few cookies. This page explains which ones, why, and how to disable them. We use PostHog for analytics in identified-only mode — no cookies are set for anonymous visitors.

2. Cookies we set

Today, only one. When we ship more, this list grows.

  • csrfSecret — set by the framework on every response to prevent cross-site request forgery on the contact form. Strictly necessary, expires at end of session, no personal data.

Cookies we'll add when those features ship:

  • gs_pv (1-year expiry) — pricing-variant assignment for A/B testing. Stores one of "low", "mid", or "high" so you see the same prices across visits. No personal data.
  • session (when accounts ship) — keeps you logged in. Strictly necessary for authenticated routes.

3. Analytics

We use PostHog for analytics. PostHog runs in identified-only mode, meaning it sets no cookies and stores no personal profile until you actively identify yourself (e.g. by submitting the waitlist form). Anonymous visitors are recorded as aggregate counts only. PostHog data is hosted in the United States.

You can read more on posthog.com/privacy.

4. Your choices

Browsers let you block cookies. Doing so will break the contact form (CSRF protection requires it) but everything else still works. We don't run a cookie-consent banner because we're not setting cookies that need consent.

5. Contact

Cookie questions: hello@gosuper.ai. For everything else, see the contact form.