Cookie Policy
Galeira uses necessary cookies and browser storage to make the product work. Optional analytics tools load only after you choose analytics in the cookie banner. Marketing pixels are not active today.
Necessary cookies and browser storage
| Name | Purpose | Expires |
|---|---|---|
auth_session | Keeps you signed in after you click a magic link. HttpOnly, Secure, SameSite=Lax. | 30 days |
NEXT_LOCALE | Remembers the language you chose so pages open in the right locale. | Up to 1 year |
event-unlock-<eventId> | Lets invited guests or password-approved visitors access a private event gallery without re-entering the password on every page. | Event-scoped, usually 24 hours |
g_state, apple_state, cloud state cookies | Short-lived OAuth security checks for Google, Apple, Google Drive, Dropbox, OneDrive, and Google Photos connections. | About 10 minutes |
gal_ref | Optional referral attribution if someone opens Galeira from a referral link and later creates an event. | Short-lived; deleted after event creation |
galeira-consent and galeira-analytics-consent | Browser localStorage records for your cookie-banner choice. These are not sent with every request like cookies. | Until you clear browser storage or change preferences |
galeira-theme | Browser localStorage preference for light or dark mode. | Until you clear browser storage or change theme |
Optional analytics after consent
If you choose analytics in the cookie banner, Galeira may load the following tools. If you reject analytics, these client-side analytics tools do not load on first page view.
- PostHog — product analytics, funnel events, and session replay with input masking.
- Sentry — client-side error and performance monitoring, with PII scrubbing and consent checks.
- Microsoft Clarity — heatmaps and session replay on public marketing/conversion pages only, after analytics consent.
Server-side security, abuse prevention, payment, and operational logs may still run where they are strictly necessary to provide the service, protect users, or comply with law. Those are not advertising trackers.
What we do not use today
- No advertising or retargeting cookies.
- No Google Analytics.
- No Meta Pixel.
- No social-media tracking pixels.
- No sale of personal data and no analytics use of uploaded photos, videos, voice messages, or face vectors.
Third-party services that may set cookies
- Stripe — when you visit a checkout page (only on the checkout page itself), Stripe sets its own cookies for fraud prevention. See Stripe's privacy notice.
- OAuth providers — Google, Apple, Dropbox, Microsoft, and similar providers may set their own cookies when you choose to sign in or connect a cloud account on their hosted consent pages.
Changing your choice
Use the cookie banner to accept all, reject non-essential cookies, or save a custom choice. Analytics and marketing are off by default until you choose otherwise.
You can clear the auth_session cookie by signing out (the “Sign out” button in your account menu) or clearing your browser cookies. The site won’t function as a signed-in user without it. Clearing browser storage also removes galeira-consent, so the banner will ask again.
Contact
Questions: privacy@galeira.com.