Portlo Cookie Policy — What We Track and Why

Cookie Policy

Last updated March 27, 2026. This policy explains how Portlo uses cookies and similar technologies, and how you can manage your preferences.

1. What are cookies?

Cookies are small text files stored on your device when you visit a website. They help the site remember your preferences, keep you signed in, and understand how you use the service. Similar technologies include local storage and session storage, which function in a comparable way.

2. How we use cookies

Portlo uses cookies and similar technologies for the following purposes: Essential (strictly necessary): These cookies are required for the Service to function. They cannot be disabled without breaking core functionality. Analytics (performance): These cookies help us understand how users interact with the Service so we can improve it. They are only set if you consent. You can manage your preferences using the cookie consent banner shown on your first visit, or by adjusting your browser settings.

3. Essential cookies

These cookies are necessary for the Service to operate and are set automatically. They include: Authentication cookies: Used by Firebase to maintain your signed-in session. These persist until you sign out or the session expires. Portal access cookies (portal_access_*): Set when a client verifies their identity to access a portal. Contains a token with the portal ID and verified email. Expires when the browser session ends. Cookie consent (portlo_cookie_consent): Stores your cookie preference choice ("all" or "essential"). Stored in local storage and persists until cleared. CSRF and security cookies: Used to protect against cross-site request forgery and other security threats.

4. Analytics cookies

We use PostHog for product analytics. PostHog cookies are only set when you accept analytics cookies through our consent banner. PostHog is configured with person_profiles set to "identified_only," meaning anonymous visitors are not tracked with persistent identifiers. Analytics data helps us understand which features are used, identify usability issues, and improve the Service. Analytics cookies typically expire after 12 months.

5. Third-party cookies

When you interact with certain features, third-party services may set their own cookies: Stripe: When processing payments (subscription billing or client invoice payments), Stripe may set cookies for fraud detection and payment security. These are governed by Stripe's cookie policy. Firebase (Google): Authentication services may use cookies to manage sessions. These are governed by Google's privacy policy. We do not use cookies for advertising or cross-site tracking.

6. Managing your cookies

You have several options for managing cookies: Consent banner: On your first visit, you can choose "Accept all" or "Essential only." Your choice is remembered for future visits. Browser settings: Most browsers allow you to block or delete cookies through their settings. Note that blocking essential cookies will prevent the Service from functioning correctly. Common browser cookie settings: - Chrome: Settings > Privacy and security > Cookies - Firefox: Settings > Privacy & Security > Cookies - Safari: Preferences > Privacy > Cookies - Edge: Settings > Privacy, search, and services > Cookies To reset your cookie preferences on Portlo, clear your browser's local storage for portlo.io.

7. Your rights (EEA/UK users)

Under the EU General Data Protection Regulation (GDPR) and the UK GDPR, you have the right to: - Consent to or refuse non-essential cookies - Withdraw your consent at any time - Request information about what data cookies have collected - Request deletion of cookie-related data Under the ePrivacy Directive, we will only set non-essential cookies after obtaining your consent. Essential cookies that are strictly necessary for the Service do not require consent. For users in other jurisdictions, we respect applicable local privacy and cookie laws, including the California Consumer Privacy Act (CCPA) and Brazil's LGPD.

8. Cookie retention periods

Essential cookies: Session-based (cleared when you close your browser) or persistent for up to 30 days for authentication sessions. Analytics cookies: Up to 12 months from the date they are set. Consent preference: Stored in local storage until you clear it manually. Third-party cookies: Retention periods vary by provider. Refer to Stripe's and Google's respective cookie policies for details.

9. Changes to this policy

We may update this Cookie Policy to reflect changes in the cookies we use or for legal or regulatory reasons. Material changes will be communicated through the Service. The "Last updated" date at the top indicates when this policy was last revised.

10. Contact us

If you have questions about our use of cookies, contact us at legal@portlo.io.