Cookie Policy
Updated March 26, 2026
We only use essential cookies required for the service to function. No analytics, no tracking, no advertising.
Cookies we set
| Cookie | Purpose | Duration | HttpOnly |
|---|---|---|---|
sb-access-token | Authentication session (JWT) | 1 hour | Yes |
sb-refresh-token | Keeps you logged in between sessions | 30 days | Yes |
sb-logged-in | Client-side login detection (navigation display only, contains no sensitive data) | 1 hour | No |
pkce-verifier | Secure authentication flow (PKCE code exchange) | 1 hour | Yes |
oauth-next | Preserves your intended destination during sign-in | 10 minutes | Yes |
cookie_consent | Records banner dismissal | 1 year | No |
All authentication cookies are Secure (HTTPS only) and SameSite=Lax (not sent on cross-site requests).
Third-party cookies
Cloudflare Turnstile is used for bot prevention during registration and anonymous scans. It may set its own cookies. See Cloudflare's privacy policy. No other third-party cookies are set. No analytics, no tracking, no advertising.
Managing cookies
You can clear or block cookies in your browser settings. Blocking authentication cookies will prevent you from signing in.