Cookie Policy
How essential session, security, and preference cookies are used.
- Effective date
- [OWNER REVIEW REQUIRED]
- Legal owner and jurisdiction
- [OWNER REVIEW REQUIRED]
Essential authentication cookies
Secure HttpOnly cookies carry short-lived access credentials, rotating refresh credentials, and a session identifier. They are required to keep an account signed in and cannot be disabled while using authenticated features.
Security and CSRF
A readable security cookie is matched with a request header for state-changing requests. SameSite, Secure, scoped paths, origin validation, rotation, and server-side revocation reduce common session risks.
Theme preferences
A local preference may remember light, dark, or system theme. It is not used for advertising or cross-site tracking. The initial service does not use advertising or analytics cookies.
Retention and controls
Session credentials have rolling and absolute expiration limits and can be revoked from Settings. Browser controls can remove cookies, but doing so will sign you out. Exact legal retention statements remain [OWNER REVIEW REQUIRED].