Cookie Policy
Last updated March 16, 2026
This Cookie Policy explains what cookies and client-side storage mechanisms pxdiff.com uses and why.
Summary
pxdiff does not set any non-essential cookies. We do not use cookies for advertising, cross-site tracking, or analytics. As a result, pxdiff does not display a cookie consent banner — there are no optional cookies to consent to or reject.
Analytics (PostHog) — No Cookies
PostHog, our analytics provider, is configured with persistence: "memory". This means:
- No cookies are set by PostHog.
- No localStorage or sessionStorage entries are created.
- All analytics data is held in JavaScript memory only and discarded when you close the tab.
Analytics requests are proxied through r.pxdiff.com to PostHog’s US servers. No persistent identifier is stored on your device between sessions.
CloudFront Signed Cookies — Sites Feature Only
If you access a hosted site at *.sites.pxdiff.com (Storybook or Ladle builds uploaded via the sites feature), three CloudFront signed cookies are set:
| Cookie | Purpose |
|---|---|
CloudFront-Policy | Encodes the access policy (allowed URL pattern and expiry) |
CloudFront-Signature | Cryptographic signature verifying the policy |
CloudFront-Key-Pair-Id | Identifies the signing key used |
These cookies are:
- HttpOnly — not accessible to JavaScript.
- Secure — transmitted only over HTTPS.
- SameSite=Lax — not sent on cross-origin requests.
- Domain:
.sites.pxdiff.com— scoped to hosted sites only, never set onpxdiff.com. - TTL: 1 hour — automatically expire and are not refreshed unless you revisit the site.
These cookies are strictly necessary to serve authenticated static site content through CloudFront. Without them, hosted Storybook and Ladle builds would be publicly accessible.
These cookies are not set when you use the main pxdiff application at pxdiff.com.
Crisp Chat Cookies — Only When You Open Chat
We use Crisp for live chat support. Crisp is configured with autoload: false and Total Privacy Mode enabled, which means:
- No Crisp cookies or scripts are loaded until you actively open the chat widget.
- Once opened, Crisp sets
crisp-client/*cookies to maintain your chat session. - These cookies are functional only — they identify your chat session so your conversation history persists. They are not used for tracking or advertising.
- Expiry: 6 months.
- Cookies are scoped to
pxdiff.com.
These cookies are strictly necessary for the chat feature to function. They are only set by your explicit action (opening the chat widget).
Session Token — localStorage, Not a Cookie
pxdiff stores your authentication session token in localStorage under the key pxdiff_session_token. This is not a cookie — it is not automatically sent with HTTP requests or accessible to third-party scripts.
The session token is:
- Set when you log in (via GitHub OAuth or magic link).
- Sent as an
Authorization: Bearerheader on API requests from the web app. - Removed when you log out.
- Expires after 30 days of inactivity (server-side).
Why No Cookie Consent Banner
Under the ePrivacy Directive and GDPR, cookie consent is required for non-essential cookies (tracking, advertising, non-essential analytics). pxdiff’s cookie usage consists entirely of:
- Strictly necessary cookies — CloudFront signed cookies for authenticated site hosting, and Crisp cookies only when the user initiates chat.
- No analytics cookies — PostHog uses in-memory persistence only.
- No advertising or tracking cookies — none, from any provider.
Since all cookies used by pxdiff are strictly necessary for functionality the user has explicitly requested, no consent banner is required.
Changes to This Policy
If we add new cookies or change how existing ones work, we will update this page and notify users of material changes.
Contact
For questions about cookies and client-side storage, email us at privacy@pxdiff.com.
Last updated: March 16, 2026