We use the minimum cookies necessary.

When you sign in, a single session cookie is set on your browser. This cookie stores your encrypted session token so you stay logged in across page reloads. It is httpOnly (not accessible to JavaScript), secure (HTTPS only), and scoped to this domain. It expires when you sign out or after 30 days of inactivity.

We do not use Google Analytics, Facebook Pixel, Mixpanel, or any other third-party tracking cookies. We do not build behavioural profiles. We do not retarget you with ads based on your visits.

We use Vercel Analytics for anonymous page view counts — to understand which features are used. Vercel Analytics is cookie-free and collects no personal data. It cannot identify you as an individual.

When you sign in with Google, Google sets its own cookies on google.com as part of the OAuth flow. These are governed by Google's own cookie and privacy policies. We receive only a session token — we never see or store Google's cookies.

You can clear or block cookies at any time through your browser settings. Blocking the session cookie will prevent sign-in from working. Clearing it is equivalent to signing out.

If we introduce new cookies, this page will be updated and users will be notified before the change takes effect.