Cookie Policy - JoltSMS

This Cookie Policy explains how Reliable Channel LLC (“JoltSMS,” “we,” “us,” or “our”) utilizes cookies, browser local storage (localStorage), and related tracking technologies across our marketing platform (https://joltsms.com) and our core real-SIM inbound SMS dashboard (https://app.joltsms.com).

In alignment with our engineering standards and data minimization principles, we maintain absolute transparency regarding the local data storage keys our applications write to your machine. We do not engage in third-party cross-site behavioral ad-retargeting, nor do we sell or lease information stored on your local device to external data brokers.

🔍1. Understanding Cookies and Local Storage

Cookies: A cookie is a compact text file that a web server saves within your local web browser during an active session loop. Cookies enable web services to preserve authentication state, recognize cross-subdomain transitions, and synchronize user choices across an entire monorepo environment.
Local Storage (localStorage): Local storage is an alternative data framework native to modern web browsers. It holds data configurations locally on your machine with no programmatic expiration date, persisting even after the web browser is closed and reopened.
In-Memory Volatile Storage: Application query states, real-time telemetry caches, and live messaging streams are handled exclusively within volatile client-side or server-side runtime memory structures (such as core React Query states). These states are completely destroyed upon a page refresh or an active application logout cycle.

🛠️2. Comprehensive Storage Inventory

JoltSMS segments its storage footprints into transparent functional categories based directly on our active codebase layout. Every active cookie and storage key utilized across our properties is detailed below:

Strictly Necessary Storage (Platform Operations & Consent)

These tracking items are technically required to enforce platform security, preserve user identity loops, record your privacy choices, and deliver real-time data elements. They do not require prior user consent under global privacy frameworks:

Key / Identifier	Storage Type	Domain Location	Core Functional Purpose & In-Code Behavior
`joltsms_session`	HttpOnly Secure Cookie	`.joltsms.com` (Cross-Subdomain)	Better Auth Session Lifecycles: Our primary authentication token. Maps secure cross-subdomain cookie parameters between our platforms to recognize your authenticated account identity.
`themePref`	Browser `localStorage`	`app.joltsms.com`	Interface Layout Control: Configured via our internal `ThemeProvider.tsx` dashboard engine. Preserves your chosen color mode configuration (light vs. dark mode) to guarantee a zero-flash layout render upon cold boot initializations.
`getterms_cookie_consent`	Browser `localStorage`	Marketing & Dashboard	Consent Widget Persistence: Records the active state of your cookie choices via our embedded GetTerms (`gettermscmp.com`) compliance script so you are not prompted to select preferences on subsequent visits.
Transient Handshake Params	Volatile In-Memory	`app.joltsms.com`	Real-Time SMS Socket Delivery: Preserves temporary communication states across our custom Socket.IO server configurations to enable instantaneous inbound message delivery events.

First-Party Product Analytics & Performance

We deploy analytical tools — specifically PostHog (product analytics) and Google Analytics 4 (audience and acquisition reporting) — to optimize platform functionality and measure performance across both our marketing site and our authenticated user dashboard layouts. The Google Analytics script (gtag.js) is loaded directly from Google’s edge servers (googletagmanager.com) when consent is granted, and pageview events are transmitted to Google’s analytics infrastructure. These elements are strictly conditional and remain gated by your preferences chosen inside our cookie consent management widget:

Key / Identifier	Storage Type	Domain Location	Core Functional Purpose & In-Code Behavior
`ph_joltsms` (and variants)	First-Party Cookie	`.joltsms.com` (Cross-Subdomain)	PostHog Product Analytics: Generates non-identifiable, unique client tokens to evaluate pageview frequencies, monitor user conversion funnels, and construct baseline user personas. Automated tracking capabilities like global element click autocapture are systematically deactivated by default.
`_ga`	First-Party Cookie	`.joltsms.com` (Cross-Subdomain)	Google Analytics 4 — User Identifier: Randomized client identifier used by Google Analytics 4 (operated by Google LLC) to recognize returning visitors and aggregate visitor counts across our marketing and dashboard properties. Two-year retention.
`_ga_<container_id>`	First-Party Cookie	`.joltsms.com` (Cross-Subdomain)	Google Analytics 4 — Session State: Stores per-property session and engagement metrics. Distinct container variants are written by our marketing property (`_ga_RBPBGVR97M`) and authenticated dashboard property (`_ga_X2Q70NF9JX`). Two-year retention.
`joltsms_analytics_consent`	First-Party Cookie	`.joltsms.com`	Cross-Subdomain Consent Sync: Stores your verified analytical cookie preferences to ensure your choices are respected uniformly across both marketing and dashboard routing properties.

Third-Party Financial Integration Storage

When our checkout interfaces or subscription management panels load, our platform dynamically provisions secure payment inputs provided directly by our merchant gateway, Stripe, Inc. Stripe deploys its own array of tracking keys strictly to evaluate transaction risk profiles, prevent payment-first fraud vectors, and execute mandatory regulatory multi-factor challenges:

Storage Key Group	Storage Type	Originating Domain	Core Functional Purpose & In-Code Behavior
Stripe Core Cookies	Secure Cookies	`.stripe.com`	Fraud Prevention & Risk Evaluation: Deploys cookies dynamically via the `js.stripe.com` integration framework to run mandatory 3D Secure (3DS) bank verification challenges and analyze runtime data metrics to defend against payment fraud.
Stripe Link Parameters	Secure Cookies	`.link.com` / `.stripe.com`	Accelerated Checkout Profiles: Optional session preservation tools utilized strictly to remember user Link authentication statuses when saving default card profiles.

🔒3. Analytics Engine Scope and Content Protections

JoltSMS utilizes PostHog product analytics and Google Analytics 4 across our environments to optimize user flows and monitor backend stability. However, we enforce explicit restrictions to ensure your private data streams remain completely isolated:

🛡️

Strict Communication Isolation

The analytics engines operating across our properties are programmatically barred from reading or inspecting your transactional information. Neither analytics provider logs, captures, or accesses the textual body content of your inbound SMS streams, parsed verification records, or raw developer API keys.

Google Analytics Scope Boundary: Our Google Analytics 4 integration fires only standard, localized page_view events. It does not read DOM content, capture form inputs, ingest message body strings, or process inbound SMS payloads. The data Google receives is strictly limited to metadata such as URL path, referrer string, viewport dimensions, browser user-agent, and approximate geographic region.
The ph-no-capture Security Shield: Our code explicitly isolates PostHog analysis using programmatic privacy tags. All dashboard interface views presenting raw inbound messages, parsed verification tokens, and newly generated automated developer API keys are wrapped inside a rigid ph-no-capture style mask. This ensures that sensitive data strings are redacted locally at the browser layer and are never transmitted to outside servers.

🎥4. Conditional Session Recording Disclosures

To debug transaction errors, optimize onboarding layouts, and provide support for complex billing workflows, JoltSMS selectively utilizes first-party session recording technologies via PostHog.

Execution and Isolation Boundaries

Gated Activation Paths: Session recording routines (DOM event stream capture for layout optimization and customer support engineering) are deactivated by default during standard dashboard operation. Recording modules are programmatically triggered only when a user explicitly interacts with high-value operational paths: namely, during our step-by-step subscription allocation checkout wizard (SubscriptionWizard.tsx) or inside our dedicated payment configuration modal (ManageBillingDialog.tsx).
Absolute PII Masking: In strict alignment with the protections detailed in Section 3, all textual entry areas, inbound SMS text outputs, and authorization keys are completely scrubbed from screen captures via our local code filters before being rendered to our internal support panels.

📺 No Video or Screen Capture

These routines do not record video, stream screen captures, or access local hardware. They capture an isolated stream of structural layout interactions (such as scrolls, clicks, and mouse movements) to reconstruct layout behavior visually for internal troubleshooting analysis.

🎛️5. Managing Storage Controls & Automated Purging

You maintain complete control over the local storage parameters written to your hardware:

Consent Options: You can alter or withdraw your non-essential analytical cookie authorizations at any time by accessing our user-facing cookie preference interface.
Automated Consent Revocation Cleansing: If you revoke analytics consent after granting it, our consent management code immediately purges all active analytics cookies — both _ga / _ga_<container_id> (via the clearGACookies() routine) and ph_joltsms and its variants (via the clearPostHogCookies() routine) — from your browser session.
Browser Disabling Configurations: You can configure your local web browser software to reject all incoming cookies or strip data keys from your localStorage arrays.

⚠️ Consequences of Disabling Storage

If you adjust your local hardware parameters to reject strictly necessary elements (including our active session identifier token joltsms_session), our server security proxy layers will be unable to validate your identity loop. Consequently, you will be locked out of the authenticated user environment and live inbound SMS streams will fail to load.

🏛️6. Jurisdiction, Venue, and Amendment Protocols

This document is governed and executed in absolute structural alignment with the laws of the State of Texas, USA. Any legal dispute or tracking regulatory controversy involving data handling at JoltSMS must be resolved exclusively through binding individual arbitration handled inside Tarrant County, Texas.

Material updates to our cookie configurations will be posted openly to this document, and notable operational variations will be broadcast directly across your authenticated dashboard using our internal system announcement architectures to display version notices right within your client-facing /alerts page view.

✉️7. Contact Information

For technical questions regarding your local tracking footprint or to audit your device storage keys, reach our privacy operations desk directly:

JoltSMS — Operated by Reliable Channel LLC

1710 Keller Pkwy STE 1025

Keller, TX 76248

United States

Email: [email protected]