Cookie Policy
Last updated: 2026-04-13
Short version: we use one essential cookie to keep you logged in. That's it. No ads, no cross-site tracking.
What cookies we use
Essential (required for the site to work)
- Session cookie: a signed, HTTP-only cookie (next-auth.session-token) that stores your login state. Expires when your session ends or you sign out.
- CSRF token cookie: set by our auth library (NextAuth/Auth.js) to prevent cross-site request forgery. Required for login and form submissions.
What we do NOT use
- No advertising cookies.
- No cross-site tracking pixels.
- No Google Analytics or similar third-party analytics (yet).
Why no cookie banner?
EU cookie law (ePrivacy/GDPR) requires consent for non-essential cookies. Session and CSRF cookies are classified as “strictly necessary” for providing a service the user requested (logging in), so no consent banner is required for them. If we ever add analytics or advertising cookies, we'll implement a proper consent flow first.
Third parties
Third-party services we use (Stripe for payments, Cloudflare for CDN) may set their own cookies when you interact with them directly (example: during Stripe Checkout). Their cookie practices are governed by their own policies.
Changes
If we start using new categories of cookies, we'll update this page and add a consent mechanism where required.
Contact
Questions? [email protected].