Cookie Policy
Cookies & similar technologies
Last updated: May 2026
This page tells you exactly which cookies and similar local-storage entries Penroll uses, what each one is for, and how long it sticks around. We split them into four categories — strictly necessary, functional, analytics, and marketing — because EU ePrivacy rules (and our values) require opt-in for everything except the strictly necessary set.
You can change your choices at any time by clicking (also linked in the footer of every page).
The four categories
Strictly necessary
Required for the product to workWithout these cookies the product cannot function. They store your sign-in session, your locale, and your cookie-consent choices.
Functional
Off by default — turn on to opt inPersonalisation cookies — remembering view preferences, recently-used data, that sort of thing. The product works without them but you’ll re-configure preferences each visit.
Analytics
Off by default — turn on to opt inAggregated usage data so we can see which features are useful and which pages drop off. We use privacy-preserving providers (PostHog with EU hosting, or Plausible) — no IP storage, no cross-site profiling.
Marketing
Off by default — turn on to opt inConversion pixels from ad platforms (LinkedIn, Meta, Google Ads) so we know which campaigns drive real customers. Only loaded when you accept this category.
The full list
| Cookie | Category | Purpose | Duration | Party |
|---|---|---|---|---|
| sb-* (Supabase auth) | Strictly necessary | Keeps you signed in. Without it the dashboard cannot remember who you are between page loads. | Session + refresh-token expiry (~1 year) | First-party |
| penroll_locale | Strictly necessary | Remembers your chosen UI language (EN / LT / DE) so we can serve the right localised page server-side. | 1 year | First-party |
| penroll_demo_active | Strictly necessary | Marks an active demo session — used to scope the demo workspace and to short-circuit the auth guard for the shared demo user. | 30 minutes | First-party |
| penroll_cookie_consent | Strictly necessary | Stores your cookie-consent choices so we don’t ask again on every visit. | 6 months | First-party |
| penroll_prefs | Functional | Remembers UI preferences like the chosen view (Kanban / list) on the job page and the recently-used office address. | 1 year | First-party |
| PostHog / Plausible | Analytics | Aggregated, GDPR-compliant product analytics: what pages get used, where funnels drop off, which features are sticky. Never used to identify individuals. | Up to 13 months | Third-party (loaded only if you accept Analytics) |
| LinkedIn Insight / Meta Pixel | Marketing | Conversion tracking for paid acquisition campaigns. Only fires for visitors who arrived from a paid ad. | Up to 90 days | Third-party (loaded only if you accept Marketing) |
How we use the data we collect
- Product analytics: measuring which features get used, where users drop off, and which onboarding steps need work. Aggregated, never individual.
- Funnel attribution: understanding which marketing channels send real customers vs. tire-kickers. Only relevant if you accept the Marketing category.
- Bug triangulation: when a customer reports an error, replaying their session helps us reproduce the issue without asking them to walk us through every click.
- Pricing & UI experiments: A/B tests on landing page copy, pricing layouts, and onboarding flows. Lets us iterate based on data instead of guesses.
What we will never do
- Sell your data to data brokers, ad networks, or anyone else.
- Use analytics cookies to build cross-site advertising profiles.
- Track candidates outside the application form they consented to. Candidate cookies live only inside the application flow.
- Set analytics or marketing cookies before you give explicit consent.
Browser controls
You can also delete cookies and block future ones via your browser settings. Helpful links:
Contact
Questions or want a category-by-category list of every third-party service? privacy@penroll.app