Legal
Cookie Policy
Last updated: March 2026
This policy explains how Forgemaster AI (operated by Testreel OÜ) uses cookies and similar browser storage technologies when you use our services.
What are cookies and similar technologies?
Cookies are small text files placed on your device by a website. We also use localStorage — browser storage that works similarly to cookies but is only accessible by JavaScript on the same origin, with no automatic expiry. Throughout this policy, "cookies" refers to both unless stated otherwise.
Forgemaster's core authentication does not use traditional HTTP session cookies. Your login session is maintained via a JWT (JSON Web Token) stored in localStorage, which means it is never automatically sent to the server on every request — instead it is attached to API calls explicitly by the application.
Why we use them
- To keep you authenticated across page navigations and browser restarts.
- To remember your interface preferences (colour scheme, panel layouts).
- To understand how users navigate the product and identify usability issues.
- To enable secure sign-in via third-party identity providers (Google, GitHub, GitLab, LinkedIn).
- To process payments securely via Stripe.
Cookies and storage we use
Strictly Necessary
These are required for the service to function. They cannot be disabled.
| Name | Provider | Type | Purpose & Duration |
|---|---|---|---|
| forgemaster-store | Forgemaster | localStorage | Stores your authentication token (JWT), active session state, and core UI preferences. Without this, you cannot stay logged in. Until you log out or clear browser storage |
| forgemaster-journey-store | Forgemaster | localStorage | Persists journey map state between sessions. Until cleared |
| __nextjs_* | Vercel / Next.js | Cookie | Next.js internal routing and server-component caching state. Session |
Functional / Preferences
These remember your preferences to improve your experience. Disabling them may affect appearance settings.
| Name | Provider | Type | Purpose & Duration |
|---|---|---|---|
| usehooks-ts-ternary-dark-mode | Forgemaster | localStorage | Stores your chosen colour scheme (light, dark, or system). Used to prevent a flash of the wrong theme on page load. Persistent until changed |
Analytics
Help us understand how the product is used so we can improve it. All data is pseudonymous.
| Name | Provider | Type | Purpose & Duration |
|---|---|---|---|
| ph_* | PostHog | Cookie + localStorage | Product analytics, session recording, and feature flag evaluation. Used to track page views, user flows, and identify issues. Users are identified by email after login (posthog.identify). Up to 1 year |
Authentication (Third-party OAuth)
Set by identity providers during the OAuth sign-in flow. Forgemaster does not control these cookies; they are governed by each provider's own privacy policy.
| Name | Provider | Type | Purpose & Duration |
|---|---|---|---|
| OAuth state / session cookies | Cookie | Facilitates sign-in via Google account. Google may set additional cookies to manage the OAuth session. Session | |
| OAuth state / session cookies | GitHub | Cookie | Facilitates sign-in via GitHub account. Session |
| OAuth state / session cookies | GitLab | Cookie | Facilitates sign-in via GitLab account. Session |
| OAuth state / session cookies | Cookie | Facilitates sign-in via LinkedIn account. Session |
Payments
Set by Stripe when you interact with payment or subscription pages. Governed by Stripe's privacy policy.
| Name | Provider | Type | Purpose & Duration |
|---|---|---|---|
| __stripe_*, _ga (Stripe) | Stripe | Cookie | Fraud prevention, secure payment session management, and analytics on the Stripe-hosted checkout page. Up to 2 years |
Managing and disabling cookies
Strictly necessary storage cannot be disabled without breaking the application — your JWT auth token must be stored somewhere for you to stay logged in.
Preference storage (dark mode) is set automatically when you change theme. Clearing it will revert to your system default.
PostHog analytics can be opted out of at any time by contacting us at [email protected]. You can also clear all PostHog entries by clearing your browser's localStorage and cookies for this site.
Browser controls: all major browsers allow you to view, block, and delete cookies and localStorage via developer tools or privacy settings. Note that blocking all storage will prevent login.
Third-party providers
The following third parties may set their own cookies or storage during your use of our service. Their data practices are governed by their own privacy policies:
Changes to this policy
We may update this Cookie Policy when we add new features or third-party integrations. We will update the "Last Updated" date at the top. Material changes will be communicated via the application or email.
Contact
For questions about this Cookie Policy or to exercise your data rights:
Email: [email protected]
Address: Testreel OÜ, Aiavilja tn 9-8, 72712 Paide linn, Järva maakond, Estonia
Last updated: March 2026