Cookie Policy — IMATT AMS

The IMATT Academic Management System uses cookies and similar browser storage to keep you signed in and to keep the System secure. This page explains what we set and why.

1. Strictly necessary

Session cookies issued by our authentication provider (Clerk) to keep you signed in across pages.
CSRF tokens to protect form submissions from cross-site request forgery.
Bot-protection tokens set by Cloudflare Turnstile on public forms (sign-in, apply, status lookup).

These cookies cannot be turned off — without them the System cannot function.

2. Analytics and error monitoring

PostHog records anonymised usage events so we can understand how features are used. Personally identifying details and entity IDs are stripped before events are sent.
Sentry captures runtime errors. Identifiers, emails, and amounts are scrubbed from the payload before transmission.

3. Local storage

The System uses browser local storage for small UI preferences (for example, the last viewed dashboard tab). No personal data is stored there.

4. Managing cookies

You can clear cookies and local storage from your browser settings at any time. Clearing them will sign you out and reset UI preferences. Browser-level "do not track" signals are respected for the analytics tools listed above.

5. Third-party providers

The third parties named above may set their own cookies on subdomains they control. Their policies apply to those cookies. See our Privacy Policy for the list of processors we rely on.