Legal Document
Cookie Policy
ThreatSabre Limited
Last updated 10 March 2026
1. About This Policy
This Cookie Policy explains how ThreatSabre Limited (“we”, “us”, or “our”) uses cookies and similar technologies on our website at www.threatsabre.com (the “Website”). It should be read alongside our Privacy Policy, which explains how we handle your personal data more broadly.
2. What Are Cookies?
Cookies are small text files placed on your device by a website. They are widely used to make websites work efficiently, remember your preferences, and provide information to the site owner. Some cookies are set by the website you are visiting (“first-party cookies”), while others are set by third-party services that appear on the page (“third-party cookies”).
3. How We Use Cookies
We use a two-tier approach to website analytics:
- Cookieless analytics (active for all visitors) — no cookies, no consent required
- Cookie-based analytics (opt-in only) — activated only if you accept via our cookie banner
This means that if you reject cookies or simply ignore the banner, no analytics cookies will be set on your device and no data will be stored in your browser. We will still collect anonymised analytics using our cookieless approach (described below), which does not involve cookies or any client-side storage.
4. Cookieless Analytics (No Consent Required)
We collect baseline website analytics without using cookies or storing any data on your device.
Our analytics provider, PostHog, runs in a privacy-preserving in-memory mode for every visitor by default. In this mode:
- No cookies are set, and nothing is written to your browser’s local or session storage — analytics state exists only in memory while the page is open and is discarded when you leave.
- No persistent or cross-session identifier is created, so your activity cannot be linked across visits.
- PostHog is configured so that person profiles are disabled and your IP address is not stored.
- The data collected cannot, in our assessment, be used to identify a natural person.
This cookieless analytics collects:
| Data | Purpose |
|---|---|
| Pages visited | Understand which content is useful |
| Time on page | Measure engagement |
| Referring URL | Understand how visitors find us |
| Browser type and version | Ensure compatibility |
| Operating system | Ensure compatibility |
| Approximate location (country/region), where available | Understand our audience geography |
| Page performance metrics | Monitor and improve site speed |
Why no consent is required: No data is stored on your device (no cookies, no local or session storage), no persistent identifier is created, person profiles are disabled, and your IP address is not stored. Because this analytics does not store information on, or access information already stored on, your device, it falls outside the consent requirement of the ePrivacy Directive (Article 5(3)).
5. Cookie-Based Analytics (Consent Required)
If you accept analytics cookies via our cookie banner, we additionally set cookies that enable richer session tracking and interaction data. These cookies help us understand user journeys across multiple pages and sessions.
Cookies We Set
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
ph_phc_*_posthog | PostHog | Stores a unique session/device identifier for analytics tracking | 1 year | First-party |
ph_*_ph_session_id_* | PostHog | Identifies a browsing session for grouping page views | 30 minutes | First-party |
PostHog is configured with IP anonymisation enabled and person profiles disabled, meaning that even with cookies active, your IP address is not stored and no identified user profile is created.
- Data processed: Session identifiers, page views, interaction events, device type, screen resolution
- Location: PostHog Cloud (United States)
- Transfer mechanism: PostHog DPA with EU Standard Contractual Clauses
- PostHog Privacy Policy
Lawful Basis
Cookie-based analytics rely on your consent (GDPR Article 6(1)(a)). You may accept or reject analytics cookies via the cookie banner shown on your first visit. If you reject cookies, only cookieless analytics (Section 4) will be active.
6. Essential Cookies
Essential cookies are strictly necessary for the Website to function. They do not require consent under the ePrivacy Directive.
| Cookie Name | Provider | Purpose | Duration | Type |
|---|---|---|---|---|
cf_clearance | Cloudflare | Records that you have passed a Cloudflare security challenge (bot protection) | Up to 30 minutes | First-party (set by Cloudflare) |
__cf_bm | Cloudflare | Bot management — distinguishes humans from automated traffic | 30 minutes | First-party (set by Cloudflare) |
cookie_consent | ThreatSabre | Stores your cookie consent preference (accepted or rejected) so the banner is not shown again | 1 year | First-party |
Cloudflare also uses Turnstile on our forms for bot protection. Turnstile may collect technical browser information to verify you are a human visitor but does not set persistent tracking cookies.
7. Managing Your Cookie Preferences
Accepting or Rejecting Cookies
When you first visit our Website, a cookie banner will ask whether you accept or reject analytics cookies. Your choice is stored in a cookie_consent cookie so we can remember your preference.
- If you accept, PostHog analytics cookies will be set (see Section 5)
- If you reject or close the banner without choosing, no analytics cookies will be set; cookieless analytics will continue (see Section 4)
Changing Your Preferences
You can change your cookie preferences at any time by clicking the “Cookie Settings” link in the Website footer. This will re-open the cookie banner so you can update your choice.
You can also:
- Clear cookies through your browser settings
- Configure your browser to block all cookies or alert you when a cookie is being set
Note that blocking essential cookies may affect the functionality of the Website (for example, bot protection challenges may reappear more frequently).
Withdrawing Consent
Under GDPR Article 7(3), withdrawing consent must be as easy as giving it. You can withdraw your consent for analytics cookies at any time by:
- Clicking “Cookie Settings” in the Website footer and selecting “Reject”
- Clearing your browser cookies for www.threatsabre.com
Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
8. Third-Party Cookies
We do not use third-party advertising, social media, or remarketing cookies. The only third-party services that may set cookies on our Website are:
- Cloudflare — essential security cookies (see Section 6)
- PostHog — analytics cookies, only with your consent (see Section 5)
9. Changes to This Policy
We may update this Cookie Policy when we change the cookies we use or when regulatory guidance changes. We will update the “Last updated” date at the top of this page. Material changes will also be noted in our Privacy Policy.
10. Contact Us
If you have questions about our use of cookies, contact us at:
ThreatSabre Limited Email: support+privacy@threatsabre.com
See our Privacy Policy for full details of your data protection rights.