Cookie Policy
Last updated: 2026-04-26
1. Introduction
This Cookie Policy explains how Clubtrack, Inc. ("Clubtrack", "we", "our", "us") uses cookies and similar technologies on our websites and product, namely clubtrack.io (marketing site) and app.clubtrack.io (the Clubtrack SaaS platform).
It describes which cookies and storage entries we set, why we set them, how long they last, who provides them, and how you can review or change your preferences at any time. This policy complements our Privacy Policy, which contains the broader description of how we process personal data, your rights and how to exercise them. In case of conflict between this policy and the Privacy Policy on a specific cookie matter, this Cookie Policy prevails for that matter only.
This policy is issued in accordance with Article 5(3) of Directive 2002/58/EC (ePrivacy), Article 22.2 of Spanish Law 34/2002 (LSSI-CE), the GDPR and the relevant guidance of the Agencia Española de Protección de Datos (AEPD) and the European Data Protection Board (EDPB).
2. What cookies and similar technologies are
A "cookie" is a small text file that a website stores on your browser or device when you visit it. Cookies allow the website to recognise your device on subsequent visits, remember your preferences, keep you signed in, and measure how the site is used.
In this policy, the term "cookies" is used as a shorthand for cookies and any similar technologies that read or write information on your device, including:
localStorage and sessionStorage entries set by the browser.
IndexedDB entries.
Pixels, tags and similar tracking technologies.
The legal regime under Article 5(3) ePrivacy applies to all of these technologies regardless of the specific implementation. Our consent management platform (CMP) treats them uniformly: the same consent that gates a third-party cookie also gates the corresponding localStorage entry.
The CMP itself stores your preferences using localStorage (see entry clubtrack_consent in §3) so that we do not need to ask you again on every page load.
3. Cookies we use
The table below lists the cookies and similar storage entries that the Clubtrack platform may set, the purpose of each one, how long it persists, who sets it, the legal basis under the GDPR, and the consent category to which it belongs.
| Name | Purpose | Duration | Provider | Legal basis | Category |
|---|---|---|---|---|---|
| | Maintains your authenticated session in the Clubtrack platform. | 30 days | Clubtrack | Art. 6(1)(b) GDPR — performance of the contract (providing the authenticated Service) | Necessary |
| | Allows the platform to renew your authenticated session without forcing you to log in again. | 30 days | Clubtrack | Art. 6(1)(b) GDPR — performance of the contract | Necessary |
| | Stores your cookie preferences (which categories you accepted or rejected) so the banner is not shown again on every page. Set by the Klaro consent manager. | 365 days | Clubtrack (Klaro) | Art. 6(1)(c) GDPR — legal obligation to demonstrate consent (Art. 7(1) GDPR), and Art. 6(1)(f) GDPR — legitimate interest in remembering your choice | Necessary |
| | One-time marker indicating that any pre-consent PostHog state previously stored in your browser has been cleared. Stops the cleanup from running again. | Until manually cleared | Clubtrack | Art. 6(1)(f) GDPR — legitimate interest in keeping your browser state consistent with your current consent | Necessary |
| | Product analytics (events, page views) and, where session recording is active, recording identifier. The wildcard | 12 months | PostHog, Inc. — EU region (Frankfurt) | Art. 6(1)(a) GDPR — your consent | Analytics |
| | Records your PostHog opt-in or opt-out decision so PostHog respects it across reloads. | 12 months | PostHog, Inc. | Art. 6(1)(a) GDPR — your consent | Analytics |
This list reflects the cookies that the current version of the Clubtrack platform sets. Some cookies may not be set on a given visit (for example, the PostHog cookies are only set after you have actively granted analytics consent, see §5).
4. Categories
We classify all cookies and similar technologies into the four categories used by our consent banner. The Necessary category is always active; the other three can be accepted, rejected and withdrawn independently at any time.
4.1 Necessary
Strictly necessary to deliver the Service you have requested. Without them, basic functionality such as authentication, session continuity and recording your cookie preferences would not work. They are exempt from the Article 5(3) ePrivacy consent requirement under recital 66 and the EDPB Guidelines 2/2023 on technical storage and access. They cannot be disabled from the banner because doing so would prevent the Service from operating.
4.2 Preferences
Optional cookies that remember choices you make to personalise your experience (for example, language or display preferences) but are not strictly necessary to operate the Service. None are currently set; the category is reserved for future personalisation features and will not store anything until you have actively consented.
4.3 Analytics
Cookies that help us understand how the Service is used so we can improve it. Today, the Analytics category covers PostHog (EU region) for product analytics and session recording. They are only set after you have given opt-in consent under Article 6(1)(a) GDPR and Article 22.2 LSSI-CE. See §5 for details.
4.4 Marketing
Cookies used to deliver advertising or measure advertising effectiveness on or off our Sites. Clubtrack does not currently set any marketing cookies. The category is reserved in the consent banner for transparency: if we ever introduce marketing cookies in the future, you will see them under this category and will need to provide affirmative consent before any are set, and we will update this policy and prompt you again as described in §7.
5. PostHog
We use PostHog (EU region) for product analytics and session recording, only after you have given consent. Session recordings are configured with PII masking.
In practice, this means that until you accept the Analytics category in our consent banner, the PostHog client running in your browser does not capture any events, does not load session recording, does not load autocapture, and does not send your IP address to PostHog.
When you grant Analytics consent:
The PostHog client is started in EU-only data residency mode (https://eu.i.posthog.com); no events are sent to non-EU PostHog endpoints.
IP address collection is disabled at the client level (ip: false) so PostHog does not see your full IP.
Session recording, where enabled, runs with mask_all_inputs: true so the contents of input fields are never sent — only an indication that an input was interacted with.
We treat all session recordings as containing potentially sensitive data and apply the same access, retention and deletion controls as for other personal data.
We do not call posthog.identify() (i.e. associate captured events with your account identifiers such as email or name) until consent for analytics is in place. If you withdraw consent, the identification is reset and subsequent events are no longer linked to your account.
When you reject Analytics, withdraw it, or are pre-decided through the Global Privacy Control signal (see §6), PostHog is opted out, session recording is stopped and any in-browser PostHog state from a previous session is cleared.
PostHog is listed in our Subprocessor List with a description of its role and the safeguards we apply. Data collected by PostHog is hosted exclusively in PostHog's EU region (Frankfurt).
6. Managing your preferences
You are free to accept, reject or change your cookie preferences at any time. We do not condition access to the Service on your acceptance of non-necessary cookies.
6.1 The consent banner
The first time you visit the Service, a banner is displayed at the bottom of the page with three options of equivalent visual prominence:
Accept all — accepts every category (Necessary, Preferences, Analytics, Marketing) at once.
Reject all — rejects every non-essential category at once. Necessary cookies remain active because they are required for the Service to function.
Preferences — opens a per-category panel where you can grant or refuse each category individually before saving.
Until you make a decision, no non-essential cookies are set, and PostHog is opted out by default.
6.2 Changing or withdrawing your decision later
You can re-open the preferences panel at any time from the "Cookie preferences" section of your Account settings. From there you can grant any category that you previously rejected, or withdraw a category that you previously accepted. Withdrawing analytics consent stops PostHog capture immediately, stops any in-progress session recording, resets the PostHog identification, and clears the related PostHog cookies and localStorage entries from your device so no analytics state is left behind.
You can also delete the clubtrack_consent localStorage entry in your browser to be prompted again from scratch on the next visit.
6.3 Browser-level controls
Most browsers let you block or delete cookies and clear localStorage from their settings menu. If you block our Necessary cookies, the Service will not work properly; in particular, you will not be able to stay logged in.
6.4 Global Privacy Control
We honour the Global Privacy Control (GPC) signal sent by browsers and browser extensions. If your browser sends GPC when you load the Service:
Analytics and Marketing default to off without showing the banner.
Your decision is treated as already made: the banner does not interrupt your visit.
You can still open the preferences panel from your Account settings to grant categories explicitly if you want to (for example, if you change your mind about analytics).
This is consistent with §A.9 of our Privacy Policy, which describes how we honour GPC for California residents. We apply the same treatment to all users regardless of jurisdiction.
7. Changes to this policy
We may update this Cookie Policy from time to time, for example when we add a new cookie, change a provider, or change the legal basis or duration of an existing one.
Where the change is material — in particular when we introduce a new category or a new analytics or marketing provider — we will:
Publish the updated policy with a new "Last updated" date.
Notify Authorized Users by email. Notification is contemporaneous with the change taking effect, or as soon as practicable after it goes live. Users who do not accept the new conditions may reject them by closing their account, which terminates the contract.
Bump the internal klaroConfig.version value, which causes the consent banner to be shown again so you can make a fresh decision based on the updated information.
In any event, ask for fresh consent at most every 12 to 24 months, in line with EDPB and AEPD guidance, so that consent does not become stale.
Minor editorial changes (typo fixes, clarifications that do not affect the cookies set, the categories or the legal basis) may be made without re-prompting.
8. Contact
For any question about this Cookie Policy or about a specific cookie or storage entry, please contact:
General / Privacy / DPO: support@clubtrack.io
EU Representative: javi@clubtrack.io
Clubtrack, Inc.
131 Continental Dr, Suite 305, Newark, DE 19713, USA
+1 740-272-5893
For broader privacy matters, including how to exercise your rights of access, rectification, erasure, restriction, portability, objection and withdrawal of consent, please see the Privacy Policy.