Cookie Policy — Signal Mama

The short version

In plain English

Inside the authenticated app: only the cookies we need to keep you logged in and remember your workspace. On marketing pages: one first-party analytics tool that doesn't use cookies. No ad-tech, no retargeting, no fingerprinting, no cross-site tracking.

This page exists because cookie law (ePrivacy in the EU, comparable rules in the UK and California) requires us to tell you what cookies we set and give you a way to opt out. We've kept the list short on purpose — every cookie on this page is one we couldn't avoid using to run the product.

What is a cookie?

A cookie is a small text file a website stores in your browser. The next time you visit, the browser sends the file back so the site can recognize you. Cookies are how a site remembers that you're logged in, what workspace you were in, or which features you toggled.

Cookies set by the site you're visiting are called first-party. Cookies set by a different site loaded inside the page (like an ad network or a tracking pixel) are called third-party. We use first-party only.

Related technologies — local storage, session storage, browser fingerprinting, tracking pixels — work differently but raise the same privacy questions. Where we use them (or don't), this page says so explicitly.

Cookies inside the app

In plain English

Strictly-necessary cookies only. They keep you logged in, protect form submissions from CSRF attacks, and remember which workspace you opened last. No analytics or marketing cookies run inside the authenticated Mama application.

What we set

Session cookie — keeps you signed in across page loads. Cleared when you log out or when the session expires.
CSRF token — proves a form submission came from a real page (not a malicious site). Required for security.
Workspace preference — remembers which workspace you opened last, so you don't have to re-pick it every time.
UI preferences — small things like sidebar collapsed/expanded, sort order on tables, theme choice. Stored in local storage, not cookies.

What we don't set

No analytics cookies inside the app — we don't track in-product behavior with cookies.
No marketing or retargeting cookies — the app never talks to ad networks.
No third-party cookies — every cookie set inside the app is on the signalmama.com domain.

Cookies on marketing pages

In plain English

We use Plausible Analytics — a first-party, cookie-less, privacy-friendly tool — to understand which marketing pages get traffic. No cookies are set. No IP addresses are stored. No cross-site tracking.

Plausible Analytics

We run Plausible Analytics on marketing pages (everything outside the authenticated app) to understand which pages people read, what referrers send traffic, and roughly which country visitors come from. Plausible was chosen specifically because it does not use cookies and does not require a consent banner under GDPR.

No cookies are stored in your browser.
No personal data — full IP addresses are hashed and discarded; only the country is kept.
No cross-site tracking, no fingerprinting, no device IDs.
Data is hosted in the EU and never transferred outside.

Plausible's public documentation describes their full data model at plausible.io/data-policy.

Third-party tracking (what we don't do)

We list the things we deliberately don't do, because saying so is more useful than reciting the things we don't:

No Google Analytics, Google Tag Manager, or Facebook Pixel.
No advertising cookies or retargeting pixels from LinkedIn, Twitter/X, Meta, TikTok, Reddit, or anyone else.
No session-replay tools (Hotjar, FullStory, LogRocket) that record what you click or type.
No third-party chat widgets that drop tracking cookies (Intercom, Drift, etc.).
No browser fingerprinting — we don't use canvas, WebGL, or device-feature probes to identify devices.

The only third-party assets a marketing page loads are Google Fonts (fetched once and cached by your browser; no identifying data sent) and our own static assets on the same domain.

How to opt out

In plain English

Inside the app, the cookies are required for the app to work — opting out means signing out. For marketing pages, you can send a Do Not Track header or block plausible.io in your browser; either will stop analytics from recording the visit.

Strictly-necessary app cookies

These can't be disabled while you're signed in — they exist to keep you signed in and to protect form submissions. If you don't want them, sign out, and they'll be cleared at the end of your session. If you want every trace removed, clear your browser's cookies for signalmama.com.

Marketing-page analytics

Three ways to opt out:

Enable Do Not Track (DNT) in your browser. Plausible honors the header — visits with DNT enabled are not recorded.
Block plausible.io in your browser or with an extension (uBlock Origin, Privacy Badger, Brave Shields all block it by default).
Use a browser that blocks third-party requests by default (Brave, Safari with strict tracking prevention, Firefox with strict mode).

Browser cookie controls

Every major browser lets you view, block, and delete cookies — and lets you allowlist or blocklist specific sites. Documentation:

Chrome · Firefox · Safari · Edge · Brave

Blocking strictly-necessary cookies for signalmama.com will prevent the app from working (you won't be able to stay signed in). Blocking everything else is fine — the app is built to work without them.

Changes & contact

We'll update this page when the cookies or analytics we use change. The "last updated" date at the top tracks the most recent revision. Material changes (adding a new analytics tool, adding a tracking cookie, anything that changes what data is collected) are also called out in the changelog.

Questions about cookies, this policy, or anything privacy-adjacent — email [email protected]. We aim to respond within 5 business days.