GDPR Cookie Policy

Policy Owner: Deeptendu Santra

Effective Date: June 9, 2026

Application

This policy applies to all employees, contractors, and vendors while doing business with Potpie AI and others who have access to European Union (EU) and the European Economic Area (EEA) data subject information (“personal data”) in connection with Potpie AI’s operating activities.

Policy

Potpie AI believes in transparency about collection and use of data. This policy provides information about how and when Potpie AI uses cookies for these purposes. Capitalized terms used in this policy but not defined have the meaning set forth in our Privacy Policy, which also includes additional details about the collection and use of information at Potpie AI.

What is a cookie?
Cookies are small text files sent by us to your computer or mobile device, which enable Potpie AI features and functionality. They are unique to your account or your browser. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire.

Does Potpie AI use cookies?
Yes. Potpie AI uses cookies and similar technologies, including browser storage such as localStorage and IndexedDB, to operate and secure its Sites and Services. Potpie AI doesn’t ship first party cookies; shows Google-owned third-party cookies used during Google/Firebase sign-in. The current inventory did not identify first-party Potpie cookies on app.potpie.ai, but Potpie AI code can set limited first-party preference cookies and browser storage when related features are used or configured.

How is Potpie AI using cookies?
Some cookies and similar technologies are associated with your account or authentication flow to remember that you are logged in and to support secure access to the Services. Other storage may not be tied to your account but can help us remember preferences, carry out analytics when configured, or support product feedback and surveys.
Cookies can be used to recognize you when you visit a Site or use our Services, remember your preferences, and give you a personalized experience that is consistent with your settings. Cookies also make your interactions faster and more secure. See Appendix A for the current cookie and similar-technology inventory for app.potpie.ai and the public potpie.ai site.

Categories of use

Authentication: If you're signed into the Services, cookies help Potpie AI show you the right information and personalize your experience.
Security: Potpie AI uses cookies to enable and support security features, and to help detect malicious activity.
Preferences, features, and services: Cookies denote which language you prefer and what your communications preferences are. They can help fill out forms on our Sites more easily. They also provide you with features, insights, and customized content.
Marketing: Potpie AI may use PostHog and Google Analytics to understand marketing campaign performance, attribution, and user interactions with the Sites and Services.
Performance, Analytics, and Research: Potpie AI may use PostHog, Google Analytics, and Sentry to understand usage, monitor reliability and performance, diagnose errors, and improve products, features, and services.

What third-party cookies does Potpie AI use?
You can find a list of the third-party cookies observed for app.potpie.ai in Appendix A. The current inventory shows Google-owned cookies associated with Google/Firebase sign-in. Potpie AI does its best to keep this table updated, but please note that the number and names of cookies and similar technologies may change from time to time.

How are cookies used for advertising purposes?
Potpie AI may use cookies and similar technologies from PostHog and Google Analytics to measure marketing campaign performance, understand how users arrive at and interact with the Sites and Services, and improve marketing and product experiences. Sentry is used for performance, reliability, and error monitoring rather than advertising.

What can you do if you don't want cookies to be set or want them to be removed?
You have the option to disable and delete cookies and browser storage that may not be necessary for the basic functionality of our website or application. Please note that blocking strictly necessary authentication or security cookies may prevent sign-in or cause parts of the Services not to work. You can control cookies through your browser settings and, where available, Potpie AI's cookie preference controls.

Does Potpie AI respond to Do Not Track Signals?
The Sites and Services do not collect personal information about your online activities over time and across third-party websites or online services. Therefore, “do not track” signals transmitted from web browsers do not apply to the Sites or Services, and Potpie AI does not alter any data collection and use practices upon receipt of such a signal.

Appendix A: Cookie Tables for app.potpie.ai and potpie.ai

The following tables use the authenticated Playwright cookie inventory for app.potpie.ai and the known public-site analytics usage for potpie.ai. Cookie values and authentication tokens are intentionally omitted.

Observed Third-Party Authentication Cookies

These Google-owned cookies were observed during Google/Firebase sign-in. They are third-party cookies associated with Google authentication and account-session continuity, not first-party Potpie cookies.

Cookie subgroup	Cookies	Cookies used	Observed source	Purpose / category
`accounts.google.com`	`ACCOUNT_CHOOSER`, `LSID`, `OTZ`, `__Host-1PLSID`, `__Host-3PLSID`, `__Host-GAPS`	Third party	Google sign-in/auth state	Google account selection, authentication continuity, service support, and security. Strictly necessary / authentication, with `OTZ` treated as strictly necessary or functional depending on Google's purpose.
`.google.com`	`APISID`, `HSID`, `NID`, `SAPISID`, `SID`, `SIDCC`, `SSID`, `__Secure-1PAPISID`, `__Secure-1PSID`, `__Secure-1PSIDCC`, `__Secure-3PAPISID`, `__Secure-3PSID`, `__Secure-3PSIDCC`	Third party	Google sign-in/auth state	Google account/session support, account security, authentication protection, and preferences/security support. Strictly necessary / authentication or security, with `NID` treated as functional or authentication-related depending on Google's purpose.
`.youtube.com`	`APISID`, `HSID`, `SAPISID`, `SID`, `SSID`, `__Secure-1PAPISID`, `__Secure-1PSID`, `__Secure-1PSIDTS`, `__Secure-3PAPISID`, `__Secure-3PSID`, `__Secure-3PSIDTS`	Third party	Google/YouTube auth state present after sign-in	Google/YouTube account/session support, authentication continuity, and security support if used during auth. Strictly necessary / authentication or security when used during authentication.
`.google.co.in`	`APISID`, `HSID`, `NID`, `SAPISID`, `SID`, `SSID`, `__Secure-1PAPISID`, `__Secure-1PSID`, `__Secure-3PAPISID`, `__Secure-3PSID`	Third party	Google sign-in/auth state	Google account/session support, account security, authentication continuity, and preferences/security support. Strictly necessary / authentication or security, with `NID` treated as functional or authentication-related depending on Google's purpose.

Public Website Marketing and Performance Cookies

Potpie AI uses Google Analytics on the public potpie.ai website. These cookies are used for analytics, marketing measurement, attribution, and traffic-source reporting.

Cookie subgroup	Cookies	Cookies used	Source	Purpose / category
`potpie.ai`	Google Analytics cookies such as `_ga`, `_ga_*`, `_gid`, `_gat`, and related Google tag cookies where configured	First party, with Google as analytics provider	Google Analytics / Google tag	Site analytics, marketing campaign measurement, attribution, and traffic-source reporting. Analytics / marketing / non-essential.

App Cookie and Similar Storage Capabilities

The current inventory did not observe these as first-party cookies on app.potpie.ai, but Potpie AI uses or has code/configuration for the following app cookie or similar browser storage capabilities. These entries should remain in the policy because they may appear when the relevant service, feature, tag, or environment variables are active.

Service / storage	Domain or origin	Observed in current audit	Enabled by	Purpose	GDPR/ePrivacy category
`sidebar:state`	First-party app domain	No	Sidebar state changes	Stores expanded/collapsed sidebar preference for seven days	Functional preference
`ph_[project_api_key]_posthog`	First-party app domain by default	No	`NEXT_PUBLIC_POSTHOG_KEY` and `NEXT_PUBLIC_POSTHOG_HOST`	Analytics identity and session persistence	Analytics / non-essential
PostHog localStorage persistence	First-party app origin	No	`NEXT_PUBLIC_POSTHOG_KEY` and `NEXT_PUBLIC_POSTHOG_HOST`	Analytics identity/session persistence, feature flags, and super properties	Analytics / non-essential
Sentry monitoring storage or service-managed identifiers, where configured	First-party app origin and/or Sentry domains, depending on SDK/service configuration	No	Sentry monitoring configuration	Error monitoring, performance monitoring, debugging, and service reliability	Performance / reliability / non-essential unless strictly required for security
Formbricks browser storage	First-party app origin	No	`NEXT_PUBLIC_FORMBRICKS_ENVIRONMENT_ID` and `NEXT_PUBLIC_FORMBRICKS_API_HOST`	Survey display state, response state, and targeting state	Feedback/survey, likely non-essential unless strictly required
Firebase Auth IndexedDB persistence	First-party app origin	Yes	Firebase environment variables	Authentication state persistence for signed-in sessions	Strictly necessary / authentication storage

Sentry Finding

Sentry is disclosed as a performance, reliability, and error-monitoring service. The current frontend inventory did not identify Sentry cookies on app.potpie.ai; the Sentry integration pages also initiate an OAuth/integration flow rather than advertising tracking.

Third Party Website Cookies

When using our website or application, you may be directed to third-party websites or services, including Google authentication services and user-selected integrations. Those websites may use their own cookies. Potpie AI does not control cookies placed by third-party websites, even if you are directed to them from Potpie AI.

How To Control and Delete Cookies

Using Your Browser

Many cookies can be enabled, disabled, or deleted through your browser settings, usually located within the browser Help, Tools, Settings, or Privacy menus. Disabling strictly necessary authentication cookies or browser storage may prevent sign-in or cause parts of the Services not to work.

Cookies and Storage Set in the Past

If cookies or browser storage are deleted, information collected before the deletion may still be retained according to the applicable provider terms and Potpie AI retention practices. Where Potpie AI has disabled or removed a non-essential cookie or storage technology, Potpie AI will stop using it to collect additional information from your user experience.

Version History