Cookie policy

This Cookie Policy explains how Solidroad Inc. (“Solidroad”, “we”, “us”) uses cookies and similar technologies on our website solidroad.com. It should be read together with our Privacy Policy and the EU & UK Data Processing Addendum (DPA) that governs how we process personal data for customers. The DPA notes that customer data will be processed for as long as required to provide the Services and stored as set forth in our privacy policy[1], and it commits us to maintain appropriate technical and organisational measures to protect personal data[2].

Last updated: February 11, 2026

`1. What are cookies? Cookies are small text files stored on your device by your browser when you visit websites. They allow a site to remember information about your visit (such as login status or language preference). Some cookies are essential for the site to function; others help us understand how people use our site or enable third‑party features.`

`2. How we use cookies`

We use cookies and similar technologies for several reasons:

Strictly necessary / essential cookies – required for the website to operate (e.g., session and authentication cookies).
Security cookies – help detect and prevent security risks and protect accounts.
Performance & analytics cookies – help us understand how the site is used so we can improve performance and user experience.
Functional cookies – remember choices you make (such as language or display preferences).
Third‑party cookies – set by third parties whose services we use (e.g., analytics, marketing or support tools), subject to their own policies.

Where Solidroad acts as a processor for a customer under a DPA, our handling of personal data (including any cookie‑derived personal data) is governed by the DPA and our privacy policy[1].

`3. Typical cookies you may encounter`

The table below lists cookies and similar technologies you may encounter on solidroad.com. It is based on our current implementation and typical integrations (Google Analytics, PostHog analytics and marketing pixels). Names and retention periods may change; consult our site scanner or your browser for the latest cookies.

Cookie name

Purpose (summary)

Type

Retention (typical)

Cookie name

Keeps you logged in during a visit

Strictly necessary

Session

sr_csrf

CSRF token to prevent cross‑site request forgery

Security

Session

sr_pref_lang, sr_pref_theme

Stores your language or theme preference

Functional

1 year

_ga

Google Analytics visitor identifier

Performance & analytics

2 years

_ga_G‑3591Q5S61F

Google Analytics 4 session/visitor identifier for property G‑3591Q5S61F

Performance & analytics

2 years

_gid

Google Analytics session identifier

Performance & analytics

24 hours

_gat

Google Analytics throttling cookie

Performance & analytics

1 minute

ph_<project_api_key>_posthog

PostHog analytics cookie storing unique user ID

Performance & analytics

365 days

ph_<project_api_key>_posthog_session

PostHog session cookie

Performance & analytics

30 minutes

__cf_bm, __cfruid

Cloudflare cookies used to mitigate bots and rate‑limiting

Security / third‑party

30 minutes / session

vector_user_id

Unique ID set by Vector marketing pixel to de‑anonymise visitors

Third‑party marketing

1 year

__stripe_mid

Stripe session cookie used for payment forms (if present)

Third‑party functional

1 year

Note: Some cookies include a measurement ID (e.g., _ga_G‑3591Q5S61F) that corresponds to a specific Google Analytics property. For PostHog, the cookie name begins with ph_ and includes your project API key, as described in PostHog’s documentation[3].

`4. Third‑party cookies and providers`

Our site loads scripts from the following third‑party domains/providers, which may set cookies or use other tracking technologies:

Google Analytics / Google Tag Manager (googletagmanager.com, google‑analytics.com).
PostHog (us-assets.i.posthog.com, posthog.com). PostHog stores analytics data in a cookie named ph_<project_api_key>_posthog with a one‑year lifetime[3].
Vector marketing pixel (vector.co, cdn.vector.co). Vector’s pixel allows marketing analytics and may set a cookie like vector_user_id.
Framer (framerusercontent.com) and Amazon S3 (b2bjsstore.s3.us‑west‑2.amazonaws.com) host site assets and scripts.
Cloudflare (solidroad.com proxied via Cloudflare) may set security cookies such as __cf_bm.
Stripe (js.stripe.com) if we embed payment forms.

These third‑party cookies are governed by the providers’ policies. We require our vendors and sub‑processors to meet our security and privacy requirements[2], and we maintain a list of authorized sub‑processors at our security site (see the DPA for details).

`5. Security & best practices`

We follow industry‑standard security practices for cookie handling. Our security controls (as outlined in our DPA) include maintaining appropriate technical and organisational measures, encrypting data in transit and at rest, and limiting data retention. Authentication/session cookies are scoped to the issuing domain and marked with HttpOnly and Secure flags wherever possible. We regularly review and update cookie settings based on security testing and privacy requirements.

`6. Managing and deleting cookies`

Most browsers let you block or delete cookies via their settings. Blocking cookies may affect site functionality. You can opt out of many third‑party analytics cookies using opt‑out tools provided by those services. For example, Google provides a browser add‑on to disable analytics cookies.

`7. Data retention`

Cookie retention varies by cookie. Some expire at the end of a session while others persist for months or years. We retain personal data only as long as necessary to provide our services or as required by law[1]. For more information about how we handle personal data and retention generally, see our Privacy Policy and the DPA.

`8. Changes to this policy`

We may update this policy from time to time. If we make material changes, we will post the new policy on this page with an updated “Last updated” date.