Cookie Policy
This Cookie Policy explains how the Water Hawk service (the "Service") and the marketing properties at waterhawk.io use cookies and similar storage technologies. It supplements the Privacy Policy.
A "cookie" is a small text file stored by your browser at the request of a web page. Similar technologies (web storage, IndexedDB, server-set HTTP-only tokens) play similar roles. For brevity, this document calls them all "cookies."
1. Categories we use
1.1 Strictly necessary
These cookies are required for core functionality of the Service. They cannot be turned off through any consent control. Disabling them in the browser will break sign-in, session continuity, and security features.
| Name | Purpose | Retention |
|---|---|---|
better-auth.session | Authenticated session token | Session lifetime |
wh-csrf | Cross-site-request-forgery defense | Session lifetime |
wh-organization-active | Active organization for users in multiple orgs | Session lifetime |
1.2 Functional
These cookies remember preferences that improve the user experience but are not required for the Service to function. Disabling them resets preferences on each visit.
| Name | Purpose | Retention |
|---|---|---|
wh-theme | Visual theme preference | 1 year |
wh-watchlist-states | Default state filter on the bid calendar | 90 days |
1.3 Analytics (opt-in)
These cookies help us understand how the Service is used in aggregate, to improve product quality and content. They are set only after the user opts in through the consent banner. We do not use analytics cookies for advertising or for cross-site tracking.
| Name | Purpose | Retention |
|---|---|---|
wh-analytics | First-party analytics identifier | 13 months |
We do not use third-party advertising networks, behavioral advertising trackers, or cross-site identity graphs.
2. Consent and choice
Where required by applicable law (in the EU, UK, Switzerland, and certain U.S. states), we present a consent banner on first visit. The banner allows the user to accept analytics cookies, decline analytics cookies, or close the banner without selection. Strictly-necessary cookies are not subject to the consent banner.
The user may withdraw consent at any time by clearing the analytics cookie in the browser, by clicking the "Cookie preferences" link in the marketing footer, or by emailing [email protected] with the request.
3. Do Not Track
Some browsers send a "Do Not Track" signal. The Service treats a Do Not Track signal as a withdrawal of consent for analytics cookies. The Service does not rely on Do Not Track for strictly-necessary cookies because those cookies are required for core functionality.
4. Subprocessors
The Service uses the following subprocessors that may set cookies on the Service's behalf:
- Stripe for payment processing on the billing surface. Stripe sets cookies necessary for fraud prevention and payment continuity. See Stripe's cookie disclosures for details.
- Resend for transactional email delivery. Resend does not set cookies on the Service.
- Cloudflare for content delivery and DDoS protection. Cloudflare may set strictly-necessary cookies to identify legitimate traffic.
A current list of subprocessors and their cookie disclosures is available on request to [email protected].
5. Changes
We will post any material change to this policy and notify Customer at least thirty (30) days before the change takes effect, consistent with Terms of Service Section 14.