Cookies and analytics

Cookie and Analytics Notice

This notice explains the cookies, browser storage, analytics, monitoring, and tracking limits used by the current Calibrate website.

Last updated June 1, 2026

Necessary cookies and storage

Calibrate uses necessary cookies and limited browser storage to operate the website, authenticate users, protect requests, and preserve non-sensitive UI state.

  • Draft ownership uses a server-issued HttpOnly cookie so anonymous questionnaire drafts can be associated with the same browser without exposing the token to client JavaScript.
  • Clerk may set authentication and session cookies when you sign in or create an account.
  • CSRF and request-origin protections help prevent unauthorized browser mutations.
  • Cloudflare Turnstile may be used to distinguish human traffic from automated abuse on sensitive actions.
  • Browser storage may hold non-sensitive UI state such as questionnaire step status or temporary sign-in email convenience state. Questionnaire answers, consult answers, protocol JSON, health labels, and account tokens should not be stored in localStorage or sessionStorage.

Analytics

Calibrate's analytics posture is event-only and privacy-scoped. Analytics must not collect form contents, questionnaire answers, consult answers, generated protocol content, health details, email addresses, tokens, raw IP addresses, or free-text medical information.

  • Landing-page events are scrubbed to a small allowlist of safe event names and properties before being sent to dataLayer or gtag if those globals exist.
  • PostHog browser configuration disables autocapture and automatic pageview capture, uses memory persistence, masks all text and element attributes, and blocks session replay on sensitive paths.
  • Sentry has PII collection disabled, replay sample rates set to zero, and scrubbers for sensitive keys and values before events are sent.

No ad pixels on sensitive flows

Calibrate does not currently run advertising pixels, retargeting scripts, behavioral advertising, or lookalike-audience tracking. Those tools must not run on questionnaire, consult, authenticated, admin, account, health intake, or protocol pages.

Choices

You can use browser settings to block or delete cookies, but some necessary features may stop working. You can also email support@calibrate.day with privacy or analytics questions. Calibrate's current posture is no sale of personal information, no sale of consumer-health data, and no consumer-health data sharing for advertising.

Privacy Choices - access, correction, deletion, export, consent withdrawal, or consumer-health request

Changes

If Calibrate later enables non-essential analytics storage, ad pixels, behavioral advertising, consent banners, region-specific consent gating, or new third-party tracking, this notice and the Privacy Policy must be updated before that change goes live.