Cookie Policy
This page explains every cookie and similar storage mechanism AnoLawg uses, what each one does, how long it lasts, and your choices. Last updated 2026-05-10.
A cookie is a small text file a website stores on your browser. Some cookies are essential to operate a site; others remember preferences or help the operator measure usage. AnoLawg uses only cookies that are either strictly necessary or directly useful to the logged-in experience. We do not sell cookie data and we do not run third-party advertising trackers.
Where required by law (GDPR, UK PECR, California CCPA/CPRA), we surface a consent banner for optional functional and analytics categories. Analytics cookies, analytics local storage, Vercel Analytics / Speed Insights, and PostHog browser calls are not intentionally loaded unless analytics consent is present. You can also clear cookies and browser storage at any time from your browser settings.
Strictly necessary
Cannot be disabled without breaking the product.
Required for the site to function: authentication, account security, consent memory, MFA routing, route/access gating, billing/onboarding status routing, and support-session safety. You cannot turn these off without breaking login or core security behavior.
| Name | Type | Purpose | Expires | Source |
|---|---|---|---|---|
| anolawg_session | Cookie | Authenticated session identifier. Without this cookie you cannot log in or use the product. | 7 days (configurable per firm); cleared on logout | First-party |
| anolawg_cookie_consent | Cookie | Stores your consent choices so the site can remember which optional categories you accepted or rejected. | 365 days or until the consent version changes | First-party |
| anolawg:cookie-consent | Local storage | Local browser copy of the same consent choice, used for same-origin JavaScript reads and cross-tab durability. | Until browser storage is cleared or the consent version changes | First-party |
| anolawg_mfa_pending | Cookie | Marks a login that must complete MFA before accessing protected app areas. | Session or cleared after MFA completes | First-party |
| anolawg_mfa_verified | Cookie | Optimistic hint that a Webmaster session has passed MFA step-up. Authoritative state is stored server-side; this cookie only avoids a database round-trip for route gating. | Session | First-party |
| anolawg_ws_shadow | Cookie | Temporary webmaster impersonation support token used to return the webmaster to the original session and clear impersonation state safely. | During an active impersonation session; cleared when impersonation ends or on logout | First-party |
| anolawg_utype | Cookie | Stores the logged-in user type (CRM user, attorney, expert, client, webmaster) so the proxy can route you to the correct section of the app without a database lookup on every request. | 7 days; cleared on logout | First-party |
| anolawg_arole | Cookie | Stores the authenticated role needed for firm and invite routing, especially immediately after sign-up or invite acceptance. | 7 days or cleared on logout | First-party |
| anolawg_fstatus | Cookie | Stores firm account status so onboarding, billing, and access gates can route users without a database lookup on every request. | 7 days or cleared when no longer applicable | First-party |
| anolawg_trialend | Cookie | Stores the firm trial end timestamp for trial banners and access routing during onboarding. | 7 days or cleared when no longer applicable | First-party |
Functional
Opt-out available — see 'Your choices' below.
Remember preferences, recent work context, calendar selections, and local encrypted-device state that improve the product. Turning these off may degrade usability or require re-enrollment of a local device, but does not let us use third-party advertising trackers.
| Name | Type | Purpose | Expires | Source |
|---|---|---|---|---|
| analawg-theme / analawg-bold-mode / analawg-sidebar-density | Local storage | Stores your visual appearance preferences, including theme, bold mode, and sidebar density. | Until browser storage is cleared or the preference is changed | First-party |
| anolawg-table-* | Local storage | Stores table view preferences such as sorting, filters, visibility, and pagination for repeat workflows. | Until browser storage is cleared or the view is reset | First-party |
| anolawg_recent_matters_* | Local storage | Stores recently viewed matters for a signed-in user so matter navigation can be faster. | Until browser storage is cleared or the list is overwritten | First-party |
| anolawg:calendar:* | Local storage | Stores checked calendar selections for the signed-in user on the calendar page. | Until browser storage is cleared or selections are changed | First-party |
| anolawg_e2ee / anolawg_e2ee_device_id | IndexedDB / local storage | Stores local end-to-end encryption device state and the local device identifier used by encrypted client-portal messaging. | Until browser storage is cleared or the device is reset | First-party |
Analytics
Opt-out available — see 'Your choices' below.
Help us understand product usage, page performance, attribution, and feature-test results so we can improve AnoLawg. We do not use advertising cookies or cross-site ad tracking.
| Name | Type | Purpose | Expires | Source |
|---|---|---|---|---|
| anolawg_utm | Cookie | Stores first-party marketing attribution parameters from the URL so we can understand which campaigns led to account creation. | 30 days | First-party |
| anolawg:ab:distinct_id (localStorage) | Local storage | Pseudonymous browser identifier used to keep feature-test and A/B-test variants stable. PostHog feature-flag calls are gated by analytics consent; local bucketing may use this ID without contacting PostHog. | Until browser storage is cleared | First-party |
| Vercel Analytics / Speed Insights | Provider script | Measures page views and web performance when enabled, so we can identify slow pages and reliability regressions. | Provider-controlled event storage; browser identifiers depend on Vercel's current implementation | Third-party |
| PostHog | Provider script | Supports product analytics, feature flags, and experimentation when analytics consent is present and PostHog is configured. | Provider-controlled; depends on the configured PostHog host and project settings | Third-party |
Your choices
- Browser controls. Any modern browser lets you view, block, or delete cookies on a per-site basis. Disabling
anolawg_sessionwill log you out. Clearing local browser storage may also remove saved preferences, recent matter shortcuts, calendar selections, and local E2EE device state. - Consent banner. In jurisdictions that require it, a banner will appear on your first visit so you can accept, reject, or customize non-essential cookies and similar technologies. Rejecting optional categories disables the optional features where the app checks consent.
- Do Not Track. We honor the
Sec-GPC(Global Privacy Control) signal as an opt-out of analytics where applicable.
Questions about cookies or privacy? Email privacy@anolawg.com. For security reports, see our security page.