Cookie policy

Last updated: 2026-05-17 · Version: 2.1

Marketing site (veln.sh)

The marketing site uses Google Analytics 4 to understand which pages visitors land on and how they navigate the site. Google sets a small number of first-party cookies on the .veln.sh domain — typically _ga and _ga_F19LYJFDY0 — to distinguish visitors and sessions. We have configured page paths so identifiers in URLs (invite tokens, reset tokens, email addresses) are stripped before any page-view event is sent. We do not run advertising, retargeting, or third-party tracking pixels. We do not sell or share analytics data.

The browser Do Not Track signal is respected at the analytics layer when the browser sends it.

Veln Console (app.veln.sh)

The Console is a separate application that uses strictly necessary cookies for authentication and security: a signed, HttpOnly, SameSite=Strict refresh-token cookie, and a short-lived in-memory access token. These are required for the product to work and are not subject to opt-in. The Console also uses Google Analytics 4 with the same cookie set as the marketing site, with dynamic identifiers (organization IDs, device IDs, approval IDs, invite tokens) stripped from the path before any page-view event is sent.

What we do not do

We do not run third-party advertising or retargeting pixels (no Meta, Google Ads, LinkedIn, etc.), and we do not embed social-media widgets that set cookies. The agent (the veln binary itself) does not use cookies — it talks to the Veln API with a device-scoped bearer token stored locally.

See also Privacy policy, GDPR, and Terms.