Cookie Policy
Last updated: 06/05/2026
This Cookie Policy explains how Diglot OÜ (“Diglot”, “we”, “us”) uses cookies and similar technologies on diglot.ai, in our web editor, browser extensions, and other surfaces of the Service. It complements our Privacy Policy and the Terms of Service.
1. What cookies and similar technologies are
A cookie is a small text file that a website stores on your device when you visit it. Similar technologies — local storage, session storage, pixels, and SDK identifiers — work in comparable ways. We use the word “cookies” in this policy as a shorthand for all of them.
2. The categories we use
Cookies on our sites fall into four categories. Strictly necessary cookies are always on; everything else is off by default and only set after you opt in via the cookie banner or in Settings → Privacy → Cookies.
| Category | What it does | Default | Examples on Diglot |
|---|---|---|---|
| Strictly necessary | Core functions: signing in, keeping your session, security, load-balancing, fraud prevention at checkout | Always on | Supabase Auth session cookie, Cloudflare security cookies, Polar checkout session |
| Functional / preferences | Remember language, theme, dismissed dialogs | On (with notice) | UI language, theme, dismissed onboarding tips |
| Analytics | Understand which features are used and where users get stuck — to improve the product | Off until consent | PostHog (with IP anonymisation) |
| Marketing / advertising | Reach users who have visited Diglot, measure campaign performance | Off until consent | Currently none. If we ever turn this on we will list the providers here and ask separately. |
We do not currently use third-party advertising or cross-site tracking pixels. If that changes we will update this page and request fresh consent.
3. Specific cookies you may see
| Name (prefix) | Provider | Category | Purpose | Lifetime |
|---|---|---|---|---|
sb-…-auth-token | Supabase | Strictly necessary | Keeps you signed in | Session / up to 7 days |
__cf_bm, cf_clearance | Cloudflare | Strictly necessary | Bot management, DDoS protection | 30 minutes – 1 year |
polar_* | Polar.sh | Strictly necessary | Maintains the secure payment session at checkout | Session |
diglot_consent | Diglot | Strictly necessary | Stores your cookie-banner choices | 6 months |
diglot_locale, diglot_theme | Diglot | Functional | Remembers UI language and theme | 12 months |
ph_* | PostHog | Analytics | Product analytics; events tied to a hashed device id, IPs anonymised | Up to 12 months |
sentry_* (transient) | Sentry | Strictly necessary | Correlate front-end errors with a session for debugging | Session |
The list above is illustrative; the actual cookies set on a given visit depend on the page, your plan, and your consent choices. The current cookies are always disclosed via your browser’s developer tools.
4. Your choices
- Cookie banner — on your first visit you’ll see a banner with Accept all, Reject all, and Manage preferences at the same level of prominence. Rejecting all non-essential cookies is one click and does not break the Service.
- In-product — change your choices any time at Settings → Privacy → Cookies.
- Browser-level — most browsers let you delete or block cookies. Blocking strictly necessary cookies will prevent you from signing in.
- Global Privacy Control (GPC) — if your browser sends a GPC signal, we treat it as an opt-out of analytics and of any “sale” or “sharing” of personal data under U.S. state privacy laws.
- Do Not Sell or Share My Personal Information — for California and other U.S. states, use the link in the website footer. (As noted in our Privacy Policy, we do not sell or share your data, but we honour the request and the GPC signal regardless.)
5. Consent and the EU / UK ePrivacy framework
Where the EU ePrivacy Directive and GDPR apply, consent for non-essential cookies is collected on an opt-in basis: no boxes are pre-ticked, the Reject all option is as easy to use as Accept all, and we re-ask for consent at most every 12 months or when a material new category is introduced.
6. Third-party services
Some cookies are set by our service providers (“subprocessors”), not by Diglot directly. The full list is at /subprocessors and includes Cloudflare, Supabase, PostHog, Sentry, and Polar.sh. When you interact with content embedded from third parties (for example, a YouTube video on a blog post), those providers may set their own cookies under their own privacy policies.
7. Updates to this Cookie Policy
We may update this Cookie Policy when our cookie use, the underlying tools, or applicable law changes. The “Last updated” date at the top reflects the current version. Material changes — for example introducing a new category of cookies or a new provider — will be communicated via the cookie banner and a notice in the product.
8. Contact
Questions about this Cookie Policy or how to exercise your rights:
- Privacy / cookies: legal@diglot.ai
- General support: support@diglot.ai
Diglot OÜ — registered in the Republic of Estonia.
