Tierlane Cookie Policy
Effective Date: 2026-06-01 Last Updated: 2026-06-01 Version: 1.0
1. About This Policy
This Cookie Policy explains how Tierlane uses cookies and similar technologies (such as local storage and pixel tags) on our two web surfaces: the marketing website at tierlane.app and the embedded Shopify admin application at app.tierlane.app. It supplements our Privacy Policy at tierlane.app/legal/privacy and is incorporated into it by reference.
For broader information about how we collect and use personal information — including who we are, your rights, and how to contact us — please read the Privacy Policy.
"Tierlane", "we", "us", and "our" refer to Tierlane, a business based in Toronto, Ontario, Canada.
2. What Cookies Are
A cookie is a small text file that a website asks your browser to store on your device. Cookies are widely used to make websites work, to remember preferences, and to provide analytics.
In this policy, "cookies" also covers other locally stored data such as HTML5 local storage, session storage, and pixel tags (1×1 transparent images sometimes used to record that a page loaded). The legal rules under EU ePrivacy, UK PECR, Quebec Law 25, and Brazil's LGPD apply equally to all of these technologies.
We use first-party cookies only: cookies set by Tierlane domains. We do not use third-party advertising cookies and we do not participate in cross-context behavioural advertising.
3. Tierlane's Two Surfaces
Tierlane has two web surfaces with different cookie rules.
3.1 The marketing site (tierlane.app)
This is the public website where you can read about Tierlane, see pricing, and read our legal pages. You do not need a Tierlane account to visit it.
We use a small number of first-party cookies on the marketing site for the purposes set out in Section 4. In jurisdictions that require it (the European Union and EEA, the United Kingdom, Quebec, and Brazil), we ask for your consent through a cookie banner before any non-strictly-necessary cookie is set. The banner gives you the choice to:
- Accept all cookies, including analytics.
- Reject all non-strictly-necessary cookies. This option is as easy to use as "Accept all".
- Customise your choice (granular toggles per cookie category).
Until you make a choice, only strictly-necessary cookies are set.
You can change your choice at any time by clicking the "Cookie preferences" link in the footer of tierlane.app.
In the United States, Canada (outside Quebec), Australia, New Zealand, and Singapore, the marketing site does not present a consent banner by default, because the laws of those jurisdictions either rely on an opt-out model or do not require pre-consent for first-party analytics. If you wish to opt out, use the "Cookie preferences" link in the footer.
3.2 The embedded admin app (app.tierlane.app, served inside the Shopify Admin)
When you install Tierlane and use it inside the Shopify Admin, the embedded admin app sets only strictly-necessary first-party cookies for authentication and session management. These cookies are essential to operate the app and are not subject to consent under the EU ePrivacy Directive, UK PECR, Quebec Law 25, or comparable laws.
We do not set advertising, marketing, or third-party analytics cookies in the embedded admin app. Pseudonymous product analytics are collected via our self-hosted PostHog instance, which records only shop_id and named events and discards IP addresses at ingestion. See Section 4.3 for details.
4. Cookie Categories We Use
We categorise cookies into three groups. Category 4 ("Advertising") does not apply to Tierlane: we do not use it.
4.1 Strictly-necessary cookies
These cookies are required for the Service to function. Without them, you cannot log in, the Service cannot remember that you are signed in, and security controls (like CSRF protection) cannot operate. They are set on both the marketing site and the embedded admin app.
| Cookie | Surface | Purpose | Duration |
|---|---|---|---|
| tl_session | app.tierlane.app | Maintains your signed-in session | Session (cleared on browser close) or up to 14 days if "Remember me" is on |
| tl_csrf | app.tierlane.app | CSRF / request-forgery protection | Session |
| tl_shop | app.tierlane.app | Identifies which Shopify shop the embedded app is rendering for (set by Shopify App Bridge) | Session |
| tl_consent | tierlane.app | Records the cookie banner choice you made (so we don't ask again) | 12 months |
| tl_lb (load-balancing) | both | Routes requests consistently to back-end nodes | Session |
Strictly-necessary cookies do not require consent under any privacy law we are aware of.
4.2 Functional cookies
These cookies remember choices you make so that the Service is more convenient.
| Cookie | Surface | Purpose | Duration |
|---|---|---|---|
| tl_theme | both | Remembers your light/dark mode preference | 12 months |
| tl_lang | tierlane.app | Remembers your language preference (if you change it) | 12 months |
Functional cookies are set by default outside the EU/EEA, UK, Quebec, and Brazil. In those jurisdictions, you can accept or reject them via the cookie banner.
4.3 Analytics cookies
We use our own self-hosted analytics (PostHog, EU region) to understand which pages are visited, which features are used, and where users encounter friction. Analytics data is pseudonymous:
- IP addresses are discarded at ingestion.
- For the marketing site, we set a first-party cookie with a random anonymous identifier so that we can tell a returning visitor from a new visitor.
- For the embedded admin app, person profiles are identified only by Shopify
shop_id. We do not capture Buyer PII.
| Cookie | Surface | Purpose | Duration |
|---|---|---|---|
| ph_* (PostHog distinct id) | tierlane.app | Anonymous identifier for first-party analytics | 12 months |
| ph_* (PostHog session id) | tierlane.app | Anonymous identifier for the current session | 30 minutes of inactivity |
Analytics cookies on the marketing site require consent in the EU/EEA, UK, Quebec, and Brazil and are only set after you click "Accept all" or enable the analytics toggle in "Customise".
4.4 Advertising / marketing / third-party tracking
We do not use these. We do not set Facebook, Google Ads, LinkedIn, TikTok, or any other third-party advertising or remarketing cookies. We do not sell or share information for cross-context behavioural advertising. We do not engage in profiling for targeted advertising.
5. Third-Party Cookies
We do not intentionally set third-party cookies. The only third-party content we embed is the Shopify App Bridge in the embedded admin app, which Shopify uses to render the app inside the Shopify Admin and to authenticate the session. Any cookies Shopify sets through App Bridge are governed by Shopify's own cookie and privacy policies and are necessary for the Service to function.
If you visit a third-party site through a link on tierlane.app, that third party's cookie practices are governed by its own policies.
6. Managing Your Cookies
You can control cookies in two ways.
6.1 Through Tierlane
- Cookie banner. When you first visit tierlane.app from a jurisdiction that requires consent (EU/EEA, UK, Quebec, Brazil), a banner appears giving you the choice to Accept all, Reject all, or Customise. "Reject all" is as easy to use as "Accept all" and we do not pre-check any non-strictly-necessary box.
- Cookie preferences link. The footer of tierlane.app includes a "Cookie preferences" link that lets you change your choice at any time, from anywhere in the world.
6.2 Through your browser
Most browsers let you view, manage, and delete cookies through their settings. The exact steps depend on your browser:
- Chrome / Edge / Brave: Settings → Privacy and security → Cookies and other site data.
- Firefox: Settings → Privacy & Security → Cookies and Site Data.
- Safari (macOS): Safari → Settings → Privacy.
- Safari (iOS): Settings → Safari → Block all cookies / Clear history.
Blocking strictly-necessary cookies will prevent parts of the Service from working.
6.3 Browser-level Do Not Track and Global Privacy Control signals
- The Do Not Track (DNT) header is a now-obsolete browser signal that most websites no longer honour. We do not rely on DNT. Where you are in a jurisdiction that previously required us to disclose our DNT response, we treat DNT as a request to opt out of analytics on the marketing site, equivalent to a "Reject all" banner choice.
- The Global Privacy Control (GPC) header is honoured by Tierlane as an opt-out of sale and sharing for the purposes of US state privacy laws (CCPA, CPRA, CTDPA, CPA, etc.). We do not sell or share personal information; we honour the signal anyway. We treat GPC on the marketing site as also opting you out of analytics cookies, equivalent to a "Reject all" banner choice.
7. Updates to This Cookie Policy
We may update this Cookie Policy from time to time. The Effective Date and Version at the top of the page show when it was last updated. Material changes (the addition of a new cookie category, a change to who can read the cookies, or a change to retention duration) will be notified in advance under the same notice mechanism described in Section 14 of the Privacy Policy.
A change log is maintained at tierlane.app/legal/cookies/changes.
8. Contact
For questions about this Cookie Policy:
- Privacy inquiries: privacy@tierlane.app
- Legal inquiries: legal@tierlane.app
- Security incidents: security@tierlane.app
- General contact: support@tierlane.app
To exercise broader privacy rights (access, deletion, correction, portability), see Section 9 of the Privacy Policy.