Effective May 12, 2026. Strictly necessary, functional, analytics. No cross-context behavioral ad cookies. GPC honored.
Cookies are small text files placed on your device by a website you visit. They are widely used to make websites work, make them work more efficiently, and provide reporting information. We also use similar technologies, including pixel tags, web beacons, local storage, session storage, and software development kit (SDK) identifiers; references in this policy to "cookies" include all of those technologies.
(a) STRICTLY NECESSARY — required for the Platform to function, including authentication, CSRF protection, load balancing, and security; these cannot be switched off. (b) FUNCTIONAL — remember preferences such as language, region, and last-viewed dashboard. (c) PERFORMANCE / ANALYTICS — measure usage so we can improve the Platform (PostHog in cookieless mode wherever feasible). (d) MARKETING — measure the performance of marketing campaigns; ROOF_OS does not set third-party advertising cookies by default and does not sell or share personal information for cross-context behavioral advertising as those terms are defined under the CCPA.
rs_session — authentication session token; strictly necessary; expires on logout or 30 days. rs_csrf — CSRF protection; strictly necessary; expires on session end. rs_pref — UI preferences (theme, region); functional; 1 year. ph_distinct_id — anonymous analytics identifier; performance; 1 year (cookieless mode where supported). _cf_bm — Cloudflare bot management; strictly necessary; 30 minutes. We update this list as cookies change; the controlled version lives in the Platform's Cookie Settings panel.
We set strictly necessary cookies on the basis of legitimate interest in delivering the service you requested (and where the ePrivacy exemption applies). All other cookies are set only with your prior consent, expressed through the cookie banner on first visit and adjustable at any time via the Cookie Settings panel. Withdrawing consent is as easy as giving it; withdrawal does not affect prior lawful processing.
ROOF_OS does not "sell" personal information for money and does not "share" personal information for cross-context behavioral advertising as those terms are defined under the CCPA, as amended by the CPRA. You may exercise your rights to know, correct, delete, and limit use of sensitive personal information by contacting privacy@roof10x.com. We honor the Global Privacy Control (GPC) signal; visitors whose browsers transmit GPC are treated as having opted out of any future sale or share. A separate "Do Not Sell or Share My Personal Information" link is provided in the site footer for completeness.
You can: (a) use the in-product Cookie Settings panel to enable or disable categories; (b) configure your browser to refuse or delete cookies; (c) install a privacy-preserving browser extension; (d) install the Global Privacy Control signal. Blocking strictly necessary cookies will break authentication and security and will prevent use of the Platform; we cannot compensate for the resulting service degradation.
We honor the GPC signal as described in Section 5. The legacy "Do Not Track" header is not yet supported by a uniform industry standard; we treat DNT as a request for the same opt-out treatment as GPC.
We may update this Cookie Policy from time to time. The effective date below indicates the most recent revision. Material changes to the cookie categories will be re-prompted in the cookie banner.
Cookies & privacy: privacy@roof10x.com. Mailing address: ROOF_OS, Inc., Austin, TX.
