Back to System2

Cookie & Tracking Notice

Last updated: April 28, 2026

We use the minimum cookies needed to keep you signed in and the product working. We don't run ad networks, we don't sell data, and we don't follow you around the internet.

What this page covers

This Notice explains the cookies, local storage, session storage, and similar technologies (collectively, "cookies") used on system2.sh and within the System2 product, and how you can control them. It supplements our Privacy Policy.

Strictly necessary (always on)

These keep the product working. You can't turn them off without breaking sign-in and security.

  • Supabase auth session (e.g. sb-*-auth-token) — keeps you signed in. HTTP-only, secure, same-site.
  • CSRF token — protects sign-in flows from cross-site request forgery.
  • Onboarding-finished flag (localStorage) — remembers that you've completed onboarding so we don't re-show the welcome banner.

Functional (always on)

These remember your preferences within the product. They don't track you across the web.

  • Theme preference (light / dark) — localStorage.
  • Last-active company — so the right workspace loads when you return.
  • UI state— collapsed sidebars, dismissed banners, "don't show again" choices.

Analytics & error tracking

We use server-side and product telemetry to understand how the Service is used and to fix bugs. We do not run advertising trackers, retargeting pixels, or third-party marketing analytics.

  • Sentry — error tracking. Captures stack traces, request URLs, and a session identifier. We redact authorization/cookie headers and a defined list of sensitive body keys (passwords, tokens, secrets, API keys) before events leave our server; stack-trace context can still incidentally include other Customer Content.
  • Better Stack — server-side uptime monitoring. Does not run code in your browser.

Marketing cookies

We currently use no marketing or advertising cookies. We don't run retargeting pixels, behavioral-ad networks, or social-media tracking pixels. If we add any in the future, we will update this Notice and present a consent banner where required by law.

Your choices

  • Browser settings— you can block or delete cookies in your browser. Strictly-necessary cookies will be reset on each session if you do this; you'll be signed out and have to sign in more often.
  • Do Not Track / Global Privacy Control — we honor the GPC and DNT signals as opt-out requests for any optional analytics where applicable.
  • Account deletion — removes all server-side state tied to your account; see our Privacy Policy for the full retention schedule.

Updates

We'll update this Notice when we change the cookies we use. The date at the top reflects the most recent revision. For material additions (e.g. a new analytics or marketing tool), we'll show a banner and ask for consent where required.

Questions about this document? privacy@autono.sh

Postal: Autono Labs, Inc. (operator of System2), 131 Continental Drive, Suite 305, Newark, DE 19713, USA. See /legal for our full set of policies.

© 2026 Autono Labs, Inc. All rights reserved. System2 is a product of Autono Labs, Inc.