Ghost
ResourcesPricingSecurity
Get started
HomeCookie Policy

On this page

  • Overview
  • What are cookies
  • Essential cookies
  • Analytics
  • Third-party cookies
  • Managing cookies
  • Changes to this policy
  • Contact

Cookie Policy

How Ghost uses cookies and similar technologies.

Last updated April 2026

1. Overview

Ghost ("we", "our", "us") uses a small number of strictly essential cookies to operate the platform. We do not use cookies for advertising, tracking, or profiling. This policy explains what cookies we set, why we set them, and how you can manage them.

2. What are cookies

Cookies are small text files placed on your device by a website. They are widely used to make websites work, remember your preferences, and provide information to site operators. Cookies can be "session" cookies (deleted when you close your browser) or "persistent" cookies (stored until they expire or you delete them).

3. Essential cookies

These cookies are required for the platform to function. They cannot be disabled without breaking core functionality. None of them contain personal data beyond opaque identifiers.

CookiePurposeDurationType
sb-*-auth-tokenAuthentication session managed by Supabase Auth. Keeps you signed in across page loads.Session / refresh cyclehttpOnly
ghost_active_orgRemembers which organisation you last accessed so we can restore your workspace context.1 yearhttpOnly
ghost_active_clientRemembers which client or matter you last viewed within your organisation.1 yearhttpOnly
ghost_auth_nextStores the page you were trying to reach before login so you can be redirected there after authentication. Consumed and cleared on callback.1 hourStandard
slack_oauth_nonceCSRF protection during the Slack integration OAuth flow. Set only when you connect Slack and deleted on callback.OAuth flow onlyhttpOnly
teams_oauth_nonceCSRF protection during the Microsoft Teams integration OAuth flow. Set only when you connect Teams and deleted on callback.OAuth flow onlyhttpOnly

4. Analytics

We use cookieless product analytics hosted on EU infrastructure. No cookies or local storage are written for analytics — session state is held in memory only and does not persist across page refreshes. This means your browsing behaviour is not tracked across sessions or linked to a persistent identifier via cookies.

On public marketing pages (such as our landing page, pricing, and resource guides), we may use session replay to observe navigation flow. All visible text is masked and all images and videos are replaced with blank placeholders before the recording leaves your browser. Session replay is never active inside the authenticated application. This processing is not used for advertising.

5. Third-party cookies

Ghost does not set or allow third-party advertising or tracking cookies. Our payment processor (Stripe) may set its own essential cookies during checkout — these are governed by Stripe's privacy policy.

6. Managing cookies

Because we only use strictly essential cookies, we do not display a cookie consent banner. If you prefer to block cookies entirely, you can do so in your browser settings, but this will prevent you from signing in and using the authenticated features of Ghost. Clearing cookies will sign you out and reset your workspace context preferences.

7. Changes to this policy

If we introduce new categories of cookies (for example, analytics cookies or functional preferences), we will update this page and, where required, obtain your consent before setting them. The "last updated" date at the top of this page reflects the most recent revision.

8. Contact

For cookie or privacy inquiries: privacy@ghostredact.app

© 2026 Ghost. All rights reserved.
ResourcesPrivacyTermsSecurity