Cookie Policy
Last updated: 2026-06-14
This page lists every cookie Permafrost EPM may set in your browser, what each one is for, and how long it lasts. Essential cookies are strictly necessary to operate the service, and preference cookies store your local settings. On our public website we offer Google Analytics for traffic measurement and Microsoft Clarity for anonymous usage insights (heatmaps and session replay), but they load only if you opt in through the cookie banner; decline and you keep browsing with no analytics, and you can change your choice anytime. We use no advertising cookies and no marketing trackers, and analytics never runs in the signed-in application.
Cookies we use
| Cookie | Purpose | Retention | Type |
|---|---|---|---|
__Host-authjs.csrf-token | CSRF protection on the sign-in form | Session | Essential |
__Secure-authjs.session-token | Authenticated session for signed-in users | 30 days | Essential |
__Secure-authjs.callback-url | Post-signin redirect target | Session | Essential |
permafrost_op_impersonate | Operator impersonation context (admin-only) | 2 hours | Essential |
permafrost-theme | Your light or dark theme preference | 1 year | Preference |
permafrost-cookie-acknowledged | Records your analytics choice (accept or decline) | 6 months | Preference |
_ga | Google Analytics — distinguishes visitors. Set only after you opt in, on public-site visits (never in the signed-in app). | Up to 2 years | Analytics |
_ga_<id> | Google Analytics — persists session state. Set only after you opt in, on public-site visits (never in the signed-in app). | Up to 2 years | Analytics |
_clck | Microsoft Clarity — retains an anonymous Clarity user id to aggregate heatmaps and usage insights. Set only after you opt in, on public-site visits (never in the signed-in app). | 1 year | Analytics |
_clsk | Microsoft Clarity — links page views into one session for heatmaps and session replay. Set only after you opt in, on public-site visits (never in the signed-in app). | 1 day | Analytics |
Our own analytics infrastructure is privacy-first and runs server-side: it stores no IP addresses, honors Do-Not-Track and Global Privacy Control, and shares nothing with third parties. On the public website we additionally offer Google Analytics (traffic measurement) and Microsoft Clarity (anonymous heatmaps and session replay) — both consent-gated, never advertising.
Analytics on the public site
Google Analytics and Microsoft Clarity are off by default and load only after you choose Accept in the cookie banner. Choose Decline and neither is requested — you keep browsing the site exactly as before. We also honor browser Do-Not-Track and Global Privacy Control signals as a standing decline, so visitors who send those are never shown the banner and never loaded with analytics. Analytics does notrun in the signed-in application — a customer's use of the product is never sent to Google or Microsoft.
To change your choice or withdraw consent at any time, use the Cookie preferences link in the site footer; the banner re-appears and analytics stays off until you opt in again. Clearing your browser cookies has the same effect (and also signs you out and resets your theme preference); the service otherwise continues to function.
Contact
Questions about this policy: support@permafrostepm.com.