Legal
Cookie Policy
Cookies and similar technologies used by Reshot.
Effective: May 10, 2026
Summary
Reshot uses cookies and similar technologies for authentication, security, preferences, and support. Our product analytics runs in cookieless mode and sets no analytics cookies or other persistent browser storage. We do not use third-party advertising cookies. We do not sell personal data or share it for cross-context behavioral advertising. We honor Global Privacy Control where required by law.
This summary is for convenience only. The full policy below controls.
1. What this policy covers
This Cookie Policy explains how Reshot uses cookies, localStorage, sessionStorage, pixels, tags, SDKs, and similar technologies. We refer to all of these as "cookies" for simplicity unless a specific technology matters.
This policy applies to reshot.dev, the Reshot application, and related web surfaces. CLI/API usage generally does not use browser cookies, but may create logs and technical metadata described in the Privacy Policy.
2. Strictly necessary cookies
These are required for the Service to work and cannot be disabled through our cookie controls.
| Cookie or storage | Purpose | Typical lifetime |
|---|---|---|
| Authentication/session cookies | Keeps users signed in and protects account access | Session or up to 30 days depending on login settings |
| CSRF or security tokens | Helps prevent cross-site request forgery and related abuse | Session |
| Workspace/session state | Routes authenticated users to the correct workspace or app state | Session or limited persistent storage |
Cloudflare security cookies, such as __cf_bm where used |
Bot management, DDoS protection, and security | Usually minutes to hours depending on Cloudflare configuration |
3. Functional storage
These remember preferences or improve product usability.
| Storage | Purpose | Typical lifetime |
|---|---|---|
| Theme, layout, or UI preference storage | Remembers display preferences | Up to 12 months |
| Last-used workspace or project storage | Helps return users to their recent context | Up to 12 months |
| Local draft or workflow state, where used | Prevents accidental loss of temporary UI state | Session or limited persistent storage |
4. Analytics
We use product analytics to understand feature usage, reliability, conversion, and errors. Reshot’s analytics are not used for advertising or cross-context behavioral advertising.
Our current analytics provider is listed on the Subprocessor List. Our product analytics (PostHog) runs in cookieless mode: it stores data only in memory for the duration of your page session and sets no cookies or other persistent browser storage. Client IP addresses are discarded at ingestion, and session recording is disabled. Because analytics sets no cookies, we do not show an analytics consent banner.
5. Support cookies
If you initiate support chat or in-product support, our support provider may set a session cookie or similar technology to maintain the conversation and route your support request. Support cookies are used only for support and service communications.
6. What we do not use
We do not use:
- third-party advertising cookies;
- retargeting pixels;
- social-media tracking pixels;
- cookies that sell or share personal data for cross-context behavioral advertising; or
- fingerprinting designed to identify users across unrelated services.
7. Your choices
You can control cookies through browser settings. Blocking strictly necessary cookies may prevent login or break parts of the Service.
We do not show a cookie banner for analytics, which runs cookieless. You can control or clear cookies through your browser settings, and you can send a Global Privacy Control signal, which we honor where required by law.
8. Global Privacy Control and Do Not Track
We honor Global Privacy Control (GPC) signals as opt-out signals where required by applicable law.
We do not respond to browser Do Not Track (DNT) signals because there is no consistent legal or technical standard for them.
9. Subprocessors
Providers that may set cookies or process related technical metadata are listed at reshot.dev/legal/subprocessors. Relevant providers may include Cloudflare, PostHog, Sentry, and Channel.io depending on the page or feature used.
10. Changes
We may update this Cookie Policy. We will post the updated version and provide notice of material changes where required.
11. Contact
Cookie and privacy questions: privacy@reshot.dev

