This Cookie Policy explains how Hey Wav, Inc. ("Hey Wav," "we," "us," or "our") uses cookies and similar technologies when you visit our website and use our services (the "Service").
1. What Are Cookies?
Cookies are small text files stored on your device (computer, tablet, or mobile) when you visit a website. They help websites remember your preferences, understand how you use the site, and improve your experience.
Types of Cookies
- Session cookies: Temporary cookies deleted when you close your browser
- Persistent cookies: Remain on your device for a set period or until you delete them
- First-party cookies: Set by the website you're visiting
- Third-party cookies: Set by external services integrated into the website
2. How We Use Cookies
We use cookies and similar technologies to:
- Keep you signed in to your account
- Remember your preferences and settings
- Understand how you use our Service
- Improve our Service based on usage patterns
- Protect against unauthorized access
3. Cookies We Use
3.1 Essential Cookies (Required)
These cookies are necessary for the Service to function. You cannot opt out of these cookies.
| Cookie | Provider | Purpose | Duration |
|---|
| Supabase auth tokens | Supabase | Authentication and session management | Session / Persistent |
active_workspace | Hey Wav | Remember your currently selected workspace | Session |
| Supabase session | Supabase | Maintain your login session | Session / Persistent |
Details:
- Supabase Authentication Cookies: Store encrypted session tokens (JWT) to keep you logged in. These are HttpOnly and Secure cookies that cannot be accessed by JavaScript for security.
- Active Workspace Cookie: Remembers which workspace you're currently viewing so you don't have to select it each time.
3.2 Analytics Cookies
These cookies help us understand how visitors use our Service. Analytics cookies are only set after you consent.
| Cookie | Provider | Purpose | Duration |
|---|
ph_<project>_posthog | PostHog | Analytics session identifier | 365 days |
PostHog Analytics:
- Provider: PostHog (US-hosted analytics platform)
- Hosting location: United States
- Data collected when you consent to analytics only:
- Page views, feature usage, clicks, session duration
- Device and browser information
- Anonymous session identifier
- Data collected when you also consent to identification:
- User ID and email address
- Name (if provided in your profile)
- Workspace information
- Anonymous mode: If you consent to analytics but not identification, you are tracked via an anonymous session ID only (no personal data linked)
- Identified mode: With explicit identification consent, we link analytics to your account to provide better support and personalization
Important: We do not send your email or personal information to PostHog unless you have explicitly consented to identification in addition to analytics.
For more information, see PostHog's Privacy Policy.
3.3 Security Cookies
These cookies help protect the Service from abuse.
| Cookie | Provider | Purpose | Duration |
|---|
| Turnstile verification | Cloudflare | Bot protection token | Session |
Cloudflare Turnstile:
- When used: During signup, signin, and password reset
- Purpose: Prevent automated bots and abuse
- How it works: Turnstile uses a managed challenge that runs in the background to verify you're human
- Cookies: In managed mode, Turnstile does not set persistent cookies. Verification tokens are session-based.
- Data collected: Browser characteristics for verification (not stored by Hey Wav)
- Visibility: Non-intrusive (invisible or low-friction CAPTCHA)
For more information, see Cloudflare's Privacy Policy.
4. Third-Party Services
Some features integrate third-party services that may set their own cookies:
4.1 External Links
If you click links to external websites, those sites may set their own cookies. We are not responsible for third-party cookie practices.
5. Cookie Duration
| Type | Duration | Examples |
|---|
| Session cookies | Deleted when browser closes | CAPTCHA verification |
| Short-term persistent | Hours to days | Analytics session |
| Long-term persistent | Weeks to months | Authentication (remember me) |
6. Your Cookie Choices
6.1 Cookie Consent Banner
When you first visit Hey Wav, you may see a cookie consent banner. Our approach to consent varies based on applicable law:
- Where opt-in consent is required by law (including EU/EEA/UK under GDPR, and other jurisdictions with similar requirements): We require your explicit consent before setting any non-essential cookies, including analytics. Analytics and identification are disabled by default.
- Where opt-out consent applies (including most of the United States): Analytics cookies may be enabled by default, but you can opt out at any time through the cookie preferences or account settings.
We use your browser's timezone to determine which consent model applies. You can always change your preferences regardless of location.
6.2 Cookie Preferences
You can manage your cookie preferences at any time by:
- Clicking "Cookie Preferences" in your account settings
- Clicking the "Customize" button on the cookie banner
6.3 Global Privacy Control (GPC)
We honor the Global Privacy Control signal. If your browser sends a GPC signal, we will automatically disable analytics and marketing cookies.
6.4 Browser Settings
Most browsers allow you to:
- View cookies stored on your device
- Delete all or specific cookies
- Block cookies from all or specific sites
- Set preferences for first-party vs. third-party cookies
How to manage cookies in common browsers:
- Chrome: Settings > Privacy and Security > Cookies
- Firefox: Settings > Privacy & Security > Cookies
- Safari: Preferences > Privacy > Cookies
- Edge: Settings > Privacy, search, and services > Cookies
6.5 Impact of Disabling Cookies
If you disable cookies:
- Essential cookies: You will not be able to log in or use the Service
- Analytics cookies: We won't be able to track your usage (the Service will still work)
6.6 Do Not Track
We honor the Do Not Track (DNT) browser setting. If your browser sends a DNT signal, we will disable analytics tracking.
7. Similar Technologies
We may also use:
7.1 Local Storage
- Purpose: Store preferences and cached data in your browser
- Data stored: UI state, theme preferences, cookie consent preferences
- Duration: Until cleared by you or the application
7.2 Session Storage
- Purpose: Temporary data for your current browsing session
- Data stored: Temporary state during navigation
- Duration: Cleared when you close the browser tab
7.3 Beacon/Pixel Technology
- Purpose: Track email opens and link clicks
- When used: In transactional and marketing emails (with consent)
8. Updates to This Policy
We may update this Cookie Policy from time to time. When we do:
- We will post the updated policy on this page
- We will update the "Last Updated" date
- For significant changes, we may notify you via email or in-app notification
9. Contact Us
If you have questions about our use of cookies, contact us at:
- Email: support@heywav.com
- Company: Hey Wav, Inc., a Delaware corporation
Summary Table
| Cookie Type | Required | Can Opt Out | Impact of Opting Out |
|---|
| Essential (Auth, Workspace) | Yes | No | Cannot use Service |
| Analytics (PostHog) | No | Yes | We can't improve based on your usage |
| Security (Turnstile) | Yes | No | Cannot sign up or reset password |
This Cookie Policy was last updated on January 20, 2026.