Last updated: 24 January 2026
Privacy Policy
Introduction
This privacy policy explains how SortieHQ collects and uses your personal information when you use our website and services.
We're a UK-based business currently in formation. We're committed to being transparent about what data we collect and why. By using our website, you're agreeing to this policy.
What We Collect
Information You Provide
You may choose to provide personal information when interacting with our website or web app. This includes your email address if you express interest in our company or sign up for our waiting list. If you choose to participate in surveys or other market research activities, we will collect the information and responses you submit.
If you sign up to our web app, we will collect the information you provide during registration, such as your email address, name, and organisation, as well as any other information you choose to add to your account.
Information We Collect Automatically
We use PostHog (hosted on EU servers) and Sentry to understand how people use our site and to fix bugs. This means we automatically collect analytics data like which pages you visit, how you found us, and what device you're using. We also collect technical information including your IP address and browser type. To help us identify and fix problems, we collect error logs and performance metrics such as API response times and page load times. We also track user behaviour including page views, clicks, and navigation patterns.
Cookies and local storage
We use cookies and local storage, but only our own first-party technologies for our domain. We don't track you across other websites and we don't use any third-party tracking cookies.
Essential Cookies (Always Active)
We use authentication and session cookies provided by Better Auth to keep you logged in securely.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| better_auth_session | Better Auth | Stores your session token | Until logout or based on preferences |
| better_auth_session_data | Better Auth | Caches your session data | 5 minutes (performance cache) |
| better_auth_account_data | Better Auth | Holds your account information | Until logout or based on preferences |
| better_auth_dont_remember_token | Better Auth | Manages "remember me" functionality | Based on your preference |
These cookies keep you logged in securely as you navigate the application and validate your identity on each request. The session cache expires after 5 minutes for performance optimisation, whilst session tokens last until you log out or based on your "remember me" preference if you've opted in to that feature.
These cookies have strong security measures in place. They're HttpOnly, which means they can't be accessed by JavaScript and are protected against cross-site scripting attacks. They're also Secure, meaning they only work over HTTPS in production, and they have SameSite protection against cross-site request forgery attacks. All session data is encrypted and validated server-side every time you make a request.
The legal basis for these cookies is legitimate interest, as they're strictly necessary for the service to work. Without them, you wouldn't be able to log in or use SortieHQ.
Functional Cookies (Can be disabled)
We use a custom theme preference cookie to remember whether you prefer light mode, dark mode, or your system default.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| theme | SortieHQ (custom) | Stores your visual theme preference (light, dark, or system) and prevents flash of unstyled content | 1 year |
This cookie has a Secure flag in production and SameSite: Lax protection. In production, it's set for .sortiehq.com which means it works across all our subdomains.
You can clear this cookie at any time via your browser settings. If you do, we'll simply use your operating system's theme preference instead. The legal basis for this cookie is legitimate interest, as it enhances your experience but isn't essential for the service to work.
Analytics Cookies (Can be disabled)
We use PostHog Analytics to help us understand how you use SortieHQ so we can make it better.
| Cookie Name | Provider | Purpose | Duration |
|---|---|---|---|
| ph_* (various cookies) | PostHog | Tracks session identifiers, user IDs, and feature flags to understand product usage and improve features | 1 year |
These cookies last for one year. We've configured PostHog with several privacy-preserving features. Person profiles are only created after you log in, so anonymous visitors don't get profiles created at all. All data stays in the EU on PostHog's EU servers at eu.posthog.com. We only track activity on sortiehq.com and never track you across other websites. Your data stays with us and PostHog and is never shared with third parties.
On our marketing site, we track anonymous page views and navigation for public visitors. Once you log in to the web app, we identify you and track feature usage along with your email, name, and user ID so we can understand how the product is being used and improve it.
You can block these cookies with browser settings or ad blockers, and SortieHQ works perfectly fine without analytics. The legal basis for these cookies is legitimate interest for product improvement.
What We Don't Use Cookies For
We don't use cookies for advertising or retargeting. We don't track you across other websites. We don't collect or share data with third parties beyond the service providers described in this policy. We don't engage in cross-site user profiling.
Error Monitoring (Sentry)
Sentry monitors errors and performance but does not use cookies. It doesn't set any cookies or persistent identifiers at all.
Sentry collects error messages and stack traces when something goes wrong, performance metrics to help us understand how fast the application is running, and environment information to help us reproduce and fix bugs. We've configured Sentry with strong privacy measures. It doesn't collect any personally identifiable information by default, and all sensitive data is automatically scrubbed. We only sample 10% of transactions for performance monitoring to minimise data collection.
The legal basis for Sentry is legitimate interest, as error monitoring is essential for service reliability and security.
How To Manage Cookies
Essential cookies cannot be disabled without losing login functionality, though you can clear them via browser settings, which will log you out. Functional cookies like the theme preference can be disabled or cleared via browser settings, and we'll use your system preference instead.
What We Don't Collect Yet
As we develop SortieHQ further, we'll collect additional data to make the product work better. This will include more detailed usage data via cookies and local storage, tracking of returning users and unique visitors, session data that tracks events within the same session, user preferences stored locally in your browser, user IDs and session IDs, and timestamps for your activity.
We'll update this policy before we start collecting any of this data, so you'll always know what we're doing.
How We Use Your Information
We use your information to communicate with you about SortieHQ, provide and improve our services, keep you logged in securely, and understand how people use our website so we can make it better. We use it to fix bugs and technical issues, send you updates if you've signed up for them, and monitor service reliability and performance.
We don't sell your data to anyone. We don't use it for advertising or retargeting. We don't share it with third parties except the trusted service providers described below. We don't track you across other websites.
Who We Share Your Information With
We use a small number of trusted service providers who process data on our behalf. These include PostHog, which is hosted on EU servers and provides product analytics and insights. We use Sentry for error tracking and performance monitoring. We also use Better Auth as our authentication framework, which we self-host in our own infrastructure.
We do not share your data with advertisers or third-party trackers.
Data Storage and Security
Your authentication data is stored in a PostgreSQL database in our infrastructure. Our infrastructure is hosted on Railway in the Netherlands. Analytics data is stored in PostHog's EU data centre at eu.posthog.com. Error logs are stored in Sentry's cloud infrastructure, which is GDPR-compliant.
We protect your data with encrypted connections using HTTPS, encrypted session data, HttpOnly and Secure cookie flags, SameSite protection against attacks, server-side validation of all requests, and regular security monitoring.
No method of internet transmission is 100% secure, but we take appropriate technical and organisational measures to protect your data.
Your Rights (GDPR)
If you're in the UK, EU, or EEA, you have several rights regarding your personal data. You have the right to access your personal data and see what we have. You can correct any incorrect information. You can delete your data, which is often called the "right to be forgotten". You can object to how we process your data, restrict our processing of your data, and request data portability to get a copy of your data in a usable format. You can also withdraw consent at any time for any processing that's based on consent.
To exercise any of these rights, email us at privacy@sortiehq.com and we'll respond within 30 days.
How Long We Keep Your Data
We'll keep your information for as long as you have an active relationship with us, we need it to provide our services, or we're legally required to keep it.
Specifically, session cookies have a 5-minute cache or last until logout. Theme preferences last for one year or until you clear them. Analytics data is kept for one year. Account data is kept until you delete your account.
If you ask us to delete your data, we'll do so unless we have a legal obligation to keep it.
International Transfers
Your data is primarily processed in the UK and EU. If we transfer data outside the UK or EEA, we'll ensure it's protected by appropriate safeguards such as Standard Contractual Clauses (SCCs).
PostHog processes data in the EU, and we have Data Processing Agreements in place with all our service providers to ensure they handle your data appropriately.
Changes to this policy
We're still building SortieHQ, so this policy will evolve as we add new features and capabilities. When we make significant changes, we'll update this page and update the "last updated" date at the top. We'll make sure the new version is easily accessible so you can review it.
Your continued use of SortieHQ after changes means you accept the updated policy.
About us
SortieHQ is a UK business currently in formation. We act as the data controller for all personal information we collect.
If you have any questions about this privacy policy or how we handle your data, please email us at privacy@sortiehq.com. We'll do our best to respond promptly and helpfully.
Contact us
For all privacy-related questions, concerns, or to exercise your data protection rights, email us at privacy@sortiehq.com.