Last updated: 2026-04-22
Cookies are small files a website asks your browser to store so it can remember things between page loads — your login session, a language preference, an analytics identifier. Local storage is a similar mechanism that lives in your browser and stays until you clear it. Both are controlled by the origin that sets them (e.g., display.dev cannot read storage that dsp.so set). This policy describes every cookie and local-storage key set by the two surfaces we operate.
Owned or private artifacts viewed by authenticated org members inside the app (app.display.dev) are covered by the main Privacy Policy.
These are required for the site to work and do not require consent.
| Name | Type | Set by | Purpose | Duration |
|---|---|---|---|---|
displaydev_cookie_consent | localStorage | display.dev | Records your Accept / Decline choice | Until cleared |
theme | localStorage | display.dev | Remembers light / dark mode preference | Until cleared |
__cf_bm | cookie | Cloudflare | Bot management / DDoS protection | 30 minutes |
| Name | Type | Set by | Purpose | Duration |
|---|---|---|---|---|
__cf_bm | cookie | Cloudflare | Bot management / DDoS protection | 30 minutes |
Loaded only if you click Accept in the cookie banner. If you decline, we do not initialise PostHog and no analytics events are sent.
| Name | Type | Set by | Purpose | Duration |
|---|---|---|---|---|
ph_<projectKey>_posthog | localStorage | PostHog | Distinct visitor id + session metadata | Until cleared |
We configure PostHog with persistence: 'localStorage', so it does not set any ph_* cookies. If you capture a cookie with a ph_ prefix on display.dev, that is a configuration regression — please email privacy@display.dev so we can fix it.
We run no third-party client-side analytics on dsp.so. We do record two things server-side, without cookies, to operate the service:
Both streams are processed server-side on a legitimate-interest basis under GDPR Art. 6(1)(f) — pseudonymised inputs, capped scope, no identifying data stored in your browser. If you want us to purge funnel records associated with your IP, email privacy@display.dev.
Artifacts published to dsp.so may include third-party scripts chosen by the publisher — charting libraries from a CDN, embedded widgets, their own analytics. display.dev does not modify, block, or insert consent UI into publisher-authored content. If a specific artifact's scripts concern you, contact the publisher.
When we add any of our own third-party client-side script to a dsp.so response in the future, we will ship a dsp.so-side consent banner alongside that change and update this page.
Click Cookie settings in the footer of any display.dev page. The banner will reappear and you can accept or decline again. Switching from Accept to Decline also clears the PostHog distinct id from this browser.
dsp.so runs no client-side analytics today, so there is no consent banner to re-open. To clear Cloudflare's bot-protection cookie on dsp.so, clear the site's cookies through your browser's standard privacy settings:
You can disable or limit cookies and site data at the browser level. The vendors' help pages below cover the details:
Disabling cookies entirely will prevent you from logging in to the app. Strictly necessary storage on display.dev and dsp.so (listed in sections 3 and 4) does not contain advertising or profiling data.
Displaydev OÜ Ankru 8-23, Tallinn, 11713, Estonia
We aim to respond to all requests within 30 days.
2026-04-22. We bump this date whenever the tracker inventory above changes.