Serena Labs

LEGAL

Cookie Policy.

Last updated:2026-05-25

This Cookie Policy explains how Serena Labs ("we," "us") uses cookies and similar technologies on serenalabs.io and the authenticated application at serenalabs.io/app.

1. What Are Cookies?

Cookies are small text files stored on your device when you visit a website. They make websites work, improve performance, and provide information to operators.

2. Cookies We Use

Essential (always active)

CookiePurposeDuration
sb-vaipjewujamwmlddbzfb-auth-tokenSupabase Auth session — keeps you signed in across serenalabs.io and companion.serenalabs.io10 days
sb-vaipjewujamwmlddbzfb-auth-token-code-verifierPKCE code verifier used during OAuth (LinkedIn) and email-OTP sign-inSession
serena_cookie_consentStores your cookie preferences12 months

Functional (with consent)

CookiePurposeDuration
NEXT_LOCALEStores language preference (EN/ES)12 months

Analytics (only with consent)

CookieProviderDuration
ph_*PostHog (EU) — anonymized product analytics12 months
_ga, _ga_*Google Analytics 4 — anonymized site analytics24 months

Before you accept, both PostHog and Google Analytics run in cookieless / "denied" mode and do not store identifiers in your browser. We do not use advertising or marketing cookies.

3. Managing Cookies

Through our cookie banner on first visit, by clicking "Cookie Settings" in the footer, or via your browser's cookie settings. You can also clear the Supabase Auth session at any time by signing out from /app.

4. Third Parties

Third-party services that may set or read cookies on your behalf:

  • Supabase (essential) — manages the authenticated session shared between serenalabs.io and the Companion subdomain.
  • PostHog (only with consent) — anonymized product analytics in the EU.
  • Google Analytics 4 (only with consent) — anonymized site analytics. Loads with Consent Mode v2 set to "denied" by default; identifiers are only set after you accept. International transfers are protected by Standard Contractual Clauses under Google's standard DPA.
  • LinkedIn — when you choose to sign in with LinkedIn, LinkedIn may set its own cookies on linkedin.com during the OAuth handshake. We do not control or read those cookies; they are governed by LinkedIn's own cookie policy.

5. Changes

We may update this Cookie Policy. Material changes are reflected by updating the "Last updated" date.

6. Contact

For questions about cookies on our site, contact hello@serenalabs.io.

Cookie Policy — Serena Labs