Last Updated: 29. 03. 2026
Let’s be honest: nobody actually likes reading Cookie Policies, and nobody likes those massive pop-ups that ask you to accept 400 different tracking pixels.
At crossbill, we keep it incredibly simple. We use the absolute minimum number of cookies necessary to make our software work. We do not use advertising cookies, marketing pixels, or cross-site trackers to follow you around the internet.
Here is exactly what we use and why.
1. The "Essential" Cookies (Supabase Auth)
Because crossbill is a secure web application, it needs a way to remember who you are as you click around the dashboard.
We use Supabase Server-Side Rendering (SSR) cookies. These are strictly necessary for the app to function. Without them, the system would forget you were logged in every time you navigated to a new page or tried to load a reservation.
What they do: Securely store your active session token so you don't have to log in 50 times a day.
Can you opt out? No. If you block these cookies in your browser,
crossbillwill fundamentally break and you will not be able to log in.
2. Third-Party Cookies (Stripe)
When you upgrade your account and pay for a subscription, our payment processor, Stripe, handles the transaction. Stripe may place essential cookies in your browser specifically for fraud prevention and to securely process your credit card. We do not control these cookies, but they are strictly necessary for billing to function safely.
3. Analytics and Tracking
We do collect analytical data to understand how crossbill is used and to improve it. Here is exactly how — and how you can opt out:
Public marketing pages (landing, blog, pricing, contact):
We use Google Analytics 4 and PostHog to measure traffic and visitor behaviour.
These cookies are strictly opt-in. A consent banner is shown on your first visit — you can accept all, reject non-essential, or manage categories individually.
You can change your choice at any time via the Cookie preferences link in the site footer.
If you decline, no analytics or marketing cookies are loaded.
Authenticated app (dashboard, settings, admin):
We use PostHog for product analytics — pageviews, feature usage, and anonymised session replays with all text and form inputs masked.
IP addresses are anonymised, and guest data is never sent to analytics.
The legal basis is the privacy policy you accepted at signup, not a cookie banner.
You can toggle product analytics off at any time in Settings → Account → Product usage analytics. The switch takes effect immediately and clears any stored PostHog identifier on your browser.
Guest-facing pages (booking widget, guest forms, surveys, vouchers, payment pages):
No analytics, no tracking cookies, no session replay.
Your guests never receive a cookie banner from us, and we never load PostHog, Google Analytics, Meta Pixel or similar on these pages.
What we do not do:
We do not use Meta/Facebook Pixel or any advertising cookies.
We do not sell or share your browsing data with third-party advertisers.
We do not track your guests across sites.
We also log significant app actions (like creating a reservation or changing a setting) directly in our database's event_logs table. These are server-side audit logs, not cookies, and are covered in the Privacy Policy.
4. How to Control Your Cookies
You can control or delete cookies at any time through your browser settings. However, please remember that clearing or blocking our essential authentication cookies will immediately log you out of crossbill and prevent you from accessing your dashboard.