Last updated: 23 March 2026
Cookies are small text files that are placed on your device (computer, tablet, or mobile phone) when you visit a website. They are widely used to make websites work more efficiently, provide information to website owners, and improve the user experience. Cookies can be "persistent" (remaining on your device until they expire or are deleted) or "session" cookies (deleted when you close your browser).
In addition to cookies, websites may use other browser storage mechanisms such as localStorage and sessionStorage. These function similarly to cookies but are only accessible by the website that created them and are not automatically sent with HTTP requests.
This Cookie Policy explains what cookies and browser storage Webrec uses on our own website (webrec.app), what third-party services may set cookies, and what browser storage the Webrec SDK uses on customer websites.
These cookies are strictly necessary for the website to function. They enable core features such as authentication and security. The website cannot function properly without them, and they cannot be disabled.
| Cookie Name | Purpose | Duration |
|---|---|---|
authjs.session-token / __Secure-authjs.session-token | Stores your authenticated session. Required to keep you logged in as you navigate the site. | Session / 30 days |
authjs.csrf-token / __Host-authjs.csrf-token | Cross-Site Request Forgery (CSRF) protection token. Prevents malicious third-party sites from making requests on your behalf. | Session |
authjs.callback-url / __Secure-authjs.callback-url | Stores the URL to redirect you to after authentication (e.g., the page you were visiting before logging in). | Session |
These cookies and storage items remember your preferences and choices to provide a more personalised experience.
| Storage Item | Type | Purpose | Duration |
|---|---|---|---|
theme | localStorage | Remembers your light/dark mode preference across visits. | Persistent (until cleared) |
webrec_cookie_consent | localStorage | Stores your cookie consent preference so the banner is not shown again. | Persistent (until cleared) |
We do not use any analytics cookies or third-party analytics trackers (such as Google Analytics, Plausible, or Fathom) on our marketing website or dashboard. We respect your privacy and do not track your browsing behaviour for advertising or analytics purposes.
Certain third-party services used by Webrec may set their own cookies when you interact with them. We do not control these cookies. They include:
| Service | When Set | Purpose | More Info |
|---|---|---|---|
| Stripe | When you visit the billing page or enter payment details | Fraud prevention and payment processing | Stripe Privacy Policy |
| When you use "Sign in with Google" | OAuth authentication | Google Privacy Policy | |
| GitHub | When you use "Sign in with GitHub" | OAuth authentication | GitHub Privacy Statement |
When Customers deploy the Webrec SDK (@webrec/sdk) on their websites or applications, the SDK uses browser storage mechanisms (not traditional cookies) to function. The following storage items may be created on End User devices:
| Storage Key | Type | Purpose | Duration |
|---|---|---|---|
wr_session | sessionStorage | Stores the current session identifier. Used to group user interactions into a single recording session. | Cleared when the browser tab is closed |
wr_identity | localStorage | Stores the user identity set by the Customer via the identify() API. Only present if the Customer explicitly calls this method. | Persistent (until cleared or overwritten) |
wr_anonymous_id | localStorage | Stores an anonymous visitor identifier to correlate sessions from the same visitor across page loads (but not across different sites). | Persistent (until cleared) |
Important notes about SDK storage:
sessionStorage items are automatically cleared when the tab or browser is closedlocalStorage items persist until explicitly cleared by the user or the websiteYou can control and manage cookies and browser storage through your browser settings. Most browsers allow you to:
Instructions for managing cookies in popular browsers:
Please note that blocking essential cookies will prevent you from logging into and using the Webrec dashboard.
Webrec respects both the Do Not Track (DNT) browser signal and the Global Privacy Control (GPC) signal.
Do Not Track is a browser setting that sends a signal to websites requesting that they do not track the user. When the Webrec SDK detects that a user has DNT enabled, no session recording will occur and no browser storage items will be created.
Global Privacy Control is a newer standard that allows users to signal their privacy preferences to websites. It is recognised under regulations such as the CCPA. When the Webrec SDK detects the GPC signal, no session recording will occur and no browser storage items will be created.
These signals are respected by default in the Webrec SDK. Customers do not need to configure anything additional to honour these user preferences.
We may update this Cookie Policy from time to time to reflect changes in the cookies and storage we use, or for legal, operational, or regulatory reasons. We will update the "Last updated" date at the top of this policy when we make changes.
For material changes, we will provide notice through a prominent banner on our website or by email. We encourage you to review this policy periodically.
If you have questions about this Cookie Policy or our use of cookies and browser storage, please contact us: