Last updated: March 3, 2026

Cookies Policy

This Cookies Policy describes how ApprovePost ("we", "us", "our") uses cookies and related browser storage technologies on approvepost.app.

1. What Are Cookies?

Cookies are small text files stored in your browser when you visit a website. They allow websites to recognise your browser, remember preferences, and maintain sessions between page loads. We also use browser localStorage for non-tracking preference values such as theme and cookie consent.

2. Cookies and Storage We Use

Essential cookies only. ApprovePost uses a minimal number of cookies - all strictly necessary for the operation of the service. We do not use marketing cookies, advertising cookies, or third-party tracking scripts (including Google Analytics, Google Tag Manager, or Facebook Pixel).
Name Type Purpose Storage Duration
ap_token Essential - Authentication Stores a JSON Web Token (JWT) to authenticate your session. Without this you cannot remain logged in. Cookie (HttpOnly) Persistent (until token expiry, logout, or invalidation)
ap_refresh_token Essential - Authentication Stores a refresh token to issue new access tokens without requiring you to log in again. Rotated on each use for security. Cookie (HttpOnly) Persistent (until logout or token invalidation)
CSRF Token Essential - Security A per-session token that protects against Cross-Site Request Forgery (CSRF) attacks on state-changing actions. Cookie Session
ap-theme Functional - Preference Remembers your dark/light theme choice. localStorage Persistent (until cleared)
ap-cookie-consent Functional - Preference Remembers that you have acknowledged this Cookies Policy. localStorage Persistent (until cleared)

3. Why These Cookies Are Necessary

The cookies used by ApprovePost are strictly necessary under GDPR and equivalent regulations. They are required for the platform to function correctly:

  • Authentication (ap_token) - without the JWT session cookie, the platform cannot verify your identity on each request.
  • Session persistence (ap_refresh_token) - enables seamless, secure session renewal without repeated manual logins. Rotated on every use and stored as an HttpOnly cookie with security flags.
  • CSRF protection - prevents malicious third-party websites from submitting requests to ApprovePost on your behalf.
  • Theme and consent preferences - functional localStorage values that improve usability; they do not track you or leave your device.

Because these cookies are strictly necessary, we do not require your consent to set them under applicable law. You may still disable or delete them at any time (see Section 4).

4. How to Manage or Disable Cookies

You can control cookies through your browser settings at any time:

  • Google Chrome - Settings → Privacy and Security → Cookies and other site data.
  • Mozilla Firefox - Settings → Privacy & Security → Cookies and Site Data.
  • Apple Safari - Preferences → Privacy → Manage Website Data.
  • Microsoft Edge - Settings → Cookies and site permissions → Manage and delete cookies and site data.
Please note: If you disable or delete the cookies used by ApprovePost, you will be logged out and may not be able to access protected areas of the platform until you log in again. Core functionality depends on these cookies being present.

Clearing localStorage

To remove preference values stored in localStorage:

  • Open browser DevTools (F12 or Cmd+Option+I on Mac).
  • Go to Application → Local Storage → https://approvepost.app.
  • Select and delete the relevant entries (ap-theme, ap-cookie-consent).

Alternatively, logging out via the platform interface will invalidate your authentication cookies (ap_token and ap_refresh_token).

5. Third-Party Cookies

ApprovePost does not embed third-party widgets or scripts that set cookies on your device, with the following notes:

  • TinyMCE - used for rich text editing. Operates entirely within your browser without communicating personal data externally or setting tracking cookies.
  • Google OAuth - if you use Google sign-in, Google may set its own cookies as part of its authentication flow. These are governed by Google's Privacy Policy.
  • Paddle - if you proceed to a checkout page hosted by Paddle, Paddle may set its own cookies. These are governed by Paddle's Privacy Policy.

6. Changes to This Policy

We may update this Cookies Policy if we introduce new features or change our use of cookies. Any material updates will be reflected in the "last updated" date above and communicated to users via email or in-app notice where appropriate.

7. Contact

If you have questions about our use of cookies: