Legal
Cookie Policy
Everything we set in your browser, and how to switch it off.
Last updated 17 May 2026
In plain English
The short version.
- · Essential cookies keep you logged in and process your payment. These can't be turned off.
- · Analytics cookies (PostHog) only load if you opt in. Inputs are masked, so we never see what you type.
- · Marketing cookies (Google Tag Manager, Meta Pixel) only load on our marketing pages, only if you opt in. They never load inside the app.
- · You can change your mind any time via or the footer link.
- · We don't share participant or worker data with any ad network. Ever.
Every cookie, by category
The list below is exhaustive. If you spot something not on this list, please .
| Category | Name | Set by | Purpose | Duration |
|---|---|---|---|---|
| Essential | sb-* (Supabase auth session) | Checkbase | Keeps you logged in to the app. Without this we can't authenticate you. | Session + refresh token (rolling) |
| Essential | checkbase:consent:v1 (localStorage) | Checkbase | Stores your cookie preferences so we don't ask again. | Persistent until you clear browser data |
| Essential | __stripe_mid, __stripe_sid | Stripe | Fraud detection on the checkout / billing portal pages. | Session and 1 year |
| Analytics | ph_* (PostHog) | PostHog (via our /ingest proxy) | Anonymous product analytics: which features get used, session replays with all inputs masked. | 1 year |
| Marketing | _ga, _gid (Google Analytics 4 via GTM) | Aggregate visit measurement for our marketing pages. IP truncated. Never loaded inside the authenticated app. | Up to 2 years | |
| Marketing | _fbp, _fbc (Meta Pixel) | Meta | Measure the effectiveness of our advertising on Meta. Never loaded inside the authenticated app. | Up to 90 days |
Managing your preferences
You can change your consent any time from the dialog, also accessible from the footer link on every page. Changes take effect immediately for analytics; marketing tags stop loading on the next page view.
You can also block or clear cookies in your browser settings. Doing that may sign you out of the app and force a fresh consent prompt.
Third-party links
When we link to third-party sites (for example NDIS Commission guidance, OAIC), those sites set their own cookies under their own privacy policies. We have no control over their behaviour.
Why we keep this short
We don't use ad-targeting beyond aggregate campaign measurement. We don't sell data. We don't fingerprint browsers. The categories above are the entire story.
For the full picture of what data we hold and how we use it, read our Privacy Policy.
Checkbase Pty Ltd (ABN 23 697 668 330). Questions? .