Cookie Policy
This Cookie Policy explains the cookies, browser local storage, session storage, and similar technologies used by TEF TCF Canada Practice, what each one does, how long it lasts, and how to control them. It is part of our Privacy Policy.
Last Updated
April 28, 2026 (version 2026-04-28).
1. What These Technologies Are
Cookies are small text files placed on your device by your browser when you visit a website. Local storage and session storageare similar mechanisms built into modern browsers for storing structured data on your device. We collectively refer to all of them as "cookies and similar technologies" in this Policy.
First-party cookies are set by us. Third-party cookies are set by service providers we use (for example, our analytics provider).
2. Categories We Use
- Strictly necessary. Required for the platform to function — authentication, CSRF protection, locale preference, and the anonymous-trial fingerprint that enforces our free-tier limit. These cannot be disabled while using the platform.
- Functional. Remember preferences and dismissed banners so the experience matches how you have used the platform before. Disabling these may reduce the quality of the experience but does not break core features.
- Analytics. Help us understand how the platform is used in aggregate. We use PostHog Inc. for analytics. We do not use Google Analytics on this site.
- Operational. Set by our hosting and security providers to detect abuse, prevent brute-force login attempts, and rate-limit sensitive routes.
3. Cookies and Storage Keys We Set
The list below covers the cookies and storage keys currently in use:
| Name | Category | Type | Party | Purpose | Duration |
|---|---|---|---|---|---|
session / auth token | Strictly necessary | Cookie | First-party | Keeps you signed in to your account between requests. | Session, with rolling extension on activity |
CSRF token | Strictly necessary | Cookie | First-party | Protects authenticated requests from cross-site request forgery. | Session |
locale preference | Strictly necessary | Cookie | First-party | Remembers whether you prefer the English or French version of the site. | Up to 12 months |
anonymous-trial fingerprint | Strictly necessary | Local storage | First-party | Identifies your browser before signup so we can enforce the free-tier question limit. | Until cleared by you or by us |
in-product banner dismissal | Functional | Local storage | First-party | Remembers banners and tooltips you have closed so we do not show them again. | Up to 24 months |
exam-preferences cache | Functional | Local storage | First-party | Caches your exam-target settings between visits. | Up to 12 months |
local progress (pre-account) | Functional | Local storage | First-party | Stores progress made before you create an account so we can migrate it after signup. | Until migrated to your account or cleared |
posthog_* | Analytics | Cookie | Third-party | PostHog product analytics — anonymous user identifier and event metadata used to measure feature usage and detect issues. | Up to 12 months |
rate-limit / security log identifiers | Operational | Cookie | First-party | Helps detect abuse, brute-force login attempts, and bot activity. Set transiently when sensitive routes are accessed. | Up to 7 days per identifier |
We may add or change entries over time. When we do, we will update this Policy and revise the "Last Updated" date.
4. How to Control Cookies
You can manage or delete cookies through your browser settings. The links below point to current instructions from each browser vendor:
Disabling strictly necessary cookies will prevent you from signing in or using core features. Disabling functional cookies will reset your preferences. Disabling analytics or operational cookies will not affect your ability to use the platform.
5. Analytics Opt-Out
Our analytics are provided by PostHog Inc. We configure PostHog so that the user identifier is randomly generated and not derived from your email address or other identifying account fields. You can opt out of analytics tracking through your browser's privacy controls or, where available, the in-product analytics opt-out toggle.
For more information about how PostHog handles data, see PostHog's privacy policy.
6. Do Not Track
Some browsers send a Do Not Track (DNT) signal. There is no industry consensus on how DNT signals should be honoured, and we do not currently change our behaviour based on a DNT signal. Where applicable law requires us to honour a Global Privacy Control (GPC) signal or similar opt-out signal, we honour it as required by that law.
7. Changes to This Policy
We may update this Cookie Policy from time to time. When we do, we will post the updated version on this page and revise the "Last Updated" date and version.
8. Contact
Questions about this Cookie Policy can be sent to support@tcftefprep.com.