Legal · Effective from May 6, 2026
Cookie Policy
Last updated: May 6, 2026
This Cookie Policy explains what cookies and similar storage technologies QuickBuck (operated by Ambsd Group Inc) uses on quickbuck.io, why we use them, and how you can control them. It works alongside our Privacy Policy and Terms of Service.
We aim to use the minimum number of cookies needed to make the marketplace work safely. We do not run third-party advertising on QuickBuck and we do not share data with advertisers.
1. Introduction
QuickBuck uses a small number of cookies and browser storage technologies to operate the marketplace. This policy gives you the full breakdown — what each cookie does, who sets it, how long it lasts, and whether it's strictly necessary for the service to work.
We've intentionally kept the cookie surface small. We do not run third-party advertising. We do not share data with ad networks. We do not run cross-site tracking pixels for marketing purposes. The cookies that exist serve specific operational purposes documented below.
2. What Are Cookies?
Cookies are small text files placed on your device by websites you visit. They store data (usually a session identifier or user preference) that the website can read when you return.
Similar technologies include browser localStorage, sessionStorage, and IndexedDB — all of which can store data locally in your browser without using the traditional cookie format. We use some of these in addition to cookies; they're covered in Section 6.
Cookies fall into two main categories by source:
- First-party cookies — set by quickbuck.io itself.
- Third-party cookies — set by services we embed or integrate with (Stripe checkout iframe, Cloudflare security challenges, Firebase Auth, etc.).
They also fall into categories by function: strictly necessary, functional, analytics, and security. We do not set marketing cookies and we do not allow advertising-network cookies.
3. Categories We Use
3.1 Strictly necessary
Required for the Platform to function. Without these, you couldn't sign in, reserve a Slot, or process a payout. These cannot be disabled in our cookie controls because they are essential. You can still block them at the browser level, but doing so will break Platform functionality.
Examples: authentication session tokens, CSRF tokens, security challenge cookies.
3.2 Functional
Improve usability and remember your preferences. Without these, the Platform still works but you may have to re-enter preferences each visit.
Examples: dashboard mode (Worker / Poster), language, theme preference, last-viewed Gig category, debug overrides.
3.3 Analytics & performance
Help us understand which pages are useful, where users get stuck, which bugs need fixing, and how the marketplace performs under load. Aggregated and pseudonymized where possible.
Examples: PostHog product analytics, Sentry error monitoring, Cloudflare performance metrics.
3.4 Security & anti-abuse
Protect the Platform from credential-stuffing attacks, automated abuse, suspicious traffic patterns, and fake-account creation. These work in tandem with strictly-necessary auth cookies.
Examples: Cloudflare bot management cookies, rate-limit tokens, Turnstile challenge cookies.
4. Specific Cookies We Set
The following table lists the specific cookies and storage items used by QuickBuck or by services we integrate with. Names and durations may vary slightly as we ship updates; this list reflects the current state.
| Name | Set by | Category | Duration | Purpose |
|---|---|---|---|---|
| firebase:authUser:* | Firebase Auth | Strictly necessary | Session | Maintains your signed-in session. |
| firebaseLocalStorageDb | Firebase Auth | Strictly necessary | Persistent | IndexedDB store for auth state across tabs. |
| __cf_bm | Cloudflare | Security | 30 minutes | Cloudflare Bot Management — distinguishes humans from bots. |
| cf_clearance | Cloudflare | Security | 30 days | Records that you passed a Cloudflare security challenge. |
| cf_chl_* | Cloudflare Turnstile | Security | Session | CAPTCHA-style challenge tokens. |
| __stripe_mid | Stripe | Strictly necessary | 1 year | Stripe fraud-prevention identifier on checkout pages. |
| __stripe_sid | Stripe | Strictly necessary | 30 minutes | Stripe fraud session token. |
| qb_dashboard_mode | QuickBuck | Functional | Persistent | Remembers Worker / Poster dashboard mode preference. |
| qb_intent | QuickBuck | Functional | Persistent | Stores onboarding intent (earn / post / both). |
| qb_debug_* | QuickBuck | Functional | Persistent | Debug overrides for testing (Trust Level simulation, etc). |
| ph_*_posthog | PostHog | Analytics | 1 year | Pseudonymized product-analytics distinct ID. |
| sentry-* | Sentry | Analytics (errors) | Session | Correlates JS errors to user sessions for debugging. |
| G_AUTHUSER_H | Google OAuth | Strictly necessary (when using Google sign-in) | Session | Google sign-in flow state. |
5. Third-Party Cookies
Some of the cookies above are set by third parties we integrate with. We've selected these vendors carefully and have GDPR-compliant Data Processing Agreements with each:
5.1 Stripe
Stripe handles payment collection from Posters. When you visit a Stripe-hosted checkout iframe or our Stripe Elements integration, Stripe sets cookies on its own domain (js.stripe.com, checkout.stripe.com) to detect fraud and verify your session. Stripe's cookie settings.
5.2 Firebase (Google Cloud)
Firebase Authentication and Firestore use cookies and browser storage to maintain your signed-in session and synchronize data across tabs. Firebase privacy details.
5.3 Cloudflare
Cloudflare provides our CDN, DDoS protection, and bot management. Cloudflare cookies (__cf_bm, cf_clearance) help distinguish human visitors from automated abuse. Cloudflare cookie policy.
5.4 Google OAuth (when used)
If you sign in with Google, Google's authentication flow may set cookies to maintain your Google session and complete the OAuth handshake. Google's cookie technologies.
5.5 PostHog
PostHog provides our product analytics. Their cookies are used to identify a pseudonymous distinct user across page views so we can build funnels and understand drop-off points. PostHog supports IP anonymization and is GDPR-compliant. PostHog privacy.
5.6 Sentry
Sentry handles error monitoring. Sentry cookies and request metadata help us correlate JS errors to specific sessions for debugging. PII redaction is enabled. Sentry privacy.
6. localStorage & sessionStorage
In addition to cookies, we use browser-side storage APIs:
- localStorage — persistent storage that survives browser restarts. We use it for non-sensitive preferences (dashboard mode, intent, debug overrides) and Firebase Auth token caching.
- sessionStorage — storage that lasts only as long as the browser tab is open. We use it for transient state (e.g. multi-step flow progress).
- IndexedDB — used by Firebase Auth for cross-tab session synchronization.
These are not technically "cookies" but follow the same regulatory framework under EU/UK ePrivacy rules — meaning we treat them with the same care.
7. Cookie Duration
Cookies fall into two duration categories:
- Session cookies — deleted when you close your browser. Used for short-lived state (auth, security challenges, transient flows).
- Persistent cookies — remain on your device until the expiration date or until you delete them. Used for "remember me" functionality, preferences, and long-running analytics identifiers.
The specific duration of each cookie is listed in the table in Section 4. We aim to set the shortest duration practical for the cookie's purpose.
8. Managing Your Preferences
You have several options to control cookies:
- Browser settings — every modern browser allows you to view, delete, and block cookies (see Section 9 for browser-specific links).
- Third-party opt-outs — for analytics cookies (PostHog), you can opt out within your QuickBuck account settings.
- Account deletion — deleting your QuickBuck Account triggers cleanup of associated cookies on next sign-out.
Be aware: blocking strictly-necessary cookies will prevent the Platform from functioning. You won't be able to sign in, reserve Slots, or complete payouts.
9. Browser-Specific Controls
Direct links to cookie management documentation for major browsers:
- Chrome: support.google.com/chrome/answer/95647
- Safari (macOS): support.apple.com/HT201265
- Safari (iOS): support.apple.com/HT201265
- Firefox: support.mozilla.org/cookies
- Edge: support.microsoft.com/edge cookies
- Brave: support.brave.com
- Opera: help.opera.com
10. Do Not Track Signals
Some browsers send a "Do Not Track" (DNT) signal to websites. There is no industry consensus on how to respond to DNT, and the W3C has discontinued the DNT specification. QuickBuck does not currently respond differently to DNT signals.
However, we honor the Global Privacy Control (GPC) signal as a request to opt out of "selling" or "sharing" personal information under California law. As stated in our Privacy Policy, we do not sell or share personal information for cross-context behavioral advertising regardless of GPC, but if your browser sends GPC we treat it as confirmation of that preference.
11. Consent (EU/UK Users)
Under the EU ePrivacy Directive and UK Privacy and Electronic Communications Regulations (PECR), non-essential cookies require user consent before being set.
For QuickBuck:
- Strictly necessary cookies (auth, security, fraud prevention) are set without prior consent because they are required to deliver the service you requested by visiting the Platform.
- Functional cookies (preferences) are set after you take an action that implies consent (e.g. switching dashboard mode).
- Analytics cookies (PostHog, Sentry) load on first visit; you can opt out in your account settings.
- Marketing cookies — we do not set these.
You can withdraw consent for analytics cookies at any time. Withdrawal does not affect data collected prior to withdrawal under different lawful bases (e.g. legitimate interests).
12. Changes to This Policy
We may update this Cookie Policy from time to time as we add or remove integrations, change vendors, or comply with new regulations. When we do:
- We revise the "Last updated" date at the top of this page;
- For material changes (new third-party cookies, new categories) we will notify users via email and provide notice in-app;
- For minor changes (vendor name updates, clarifications) we may simply update without explicit notification.
Your continued use of the Platform after changes take effect constitutes acceptance of the updated policy.
13. Contact
For questions about cookies or this policy:
- Privacy / cookie questions: [email protected]
- Security: [email protected]
- General support: [email protected]
- Operating entity: Ambsd Group Inc
You can read more about who runs QuickBuck on our About page, and explore our blog for guides on the marketplace.