Legal

We take privacy seriously.

This page explains exactly what cookies we use and why.

Last updated: 17 March 2026

3

first-party
cookies

0

tracking
tools

0

ads or
analytics

What are cookies?

Cookies are small text files stored in your browser when you visit a website. They let the site remember basic things, like whether you're logged in, so pages work correctly across requests.

Not all cookies are equal. Tracking cookies follow you across the internet and build advertising profiles. We don't use those. Every cookie we set exists solely to make the service function.

Cookies we set

Every cookie below is strictly necessary. They cannot be switched off without breaking core functionality. The remember-me cookie is only set when you explicitly opt in at login.

laravel_sessionSession
Server Heron

Maintains your login session so you don't have to sign in on every page. Expires when the browser session ends or after 30 days.

XSRF-TOKENSession
Server Heron

Security token that blocks cross-site request forgery (CSRF) attacks. Required for any form submission on the platform.

remember_web_*Persistent
Server Heron

Set only when you check "Remember me" at login. Keeps you signed in across browser sessions so you don't have to log in again. Expires after 30 days or when you log out.

Third-party services

Stripe

Payment page only

When you proceed to checkout, Stripe.js is loaded to securely handle card details. Stripe may set fraud-prevention cookies (__stripe_mid, __stripe_sid). These are strictly necessary to process payments securely.

Stripe's scripts are not loaded anywhere else on the site. Stripe is GDPR-compliant and operates under a Data Processing Agreement. Stripe Privacy Policy

Google OAuth

Login redirect only

If you choose "Sign in with Google", you are redirected to Google's servers via a standard server-to-server OAuth handshake. No Google JavaScript SDK is loaded on our site at any point. Google may set its own cookies during the redirect on accounts.google.com.

You can always register with an email address instead. Google Privacy Policy

What we don't use

To be completely transparent about what's not on this site:

Google Analytics
Google Tag Manager
Facebook / Meta Pixel
Hotjar or session recording
Advertising networks
Retargeting cookies
Affiliate tracking
A/B testing platforms

If this ever changes, we will update this policy, add a proper consent mechanism, and notify existing users before any tracking begins.

localStorage

We use browser localStorage (not a cookie) to remember that you've seen and dismissed our cookie notice. This data never leaves your device and is never transmitted to our servers.

Managing cookies

Because all cookies we set are strictly necessary, disabling them will break core functionality. You won't be able to stay logged in or submit forms.

You can clear all cookies at any time through your browser settings:

Google Chrome Mozilla Firefox Apple Safari Microsoft Edge

Questions?

Reach us at [email protected]. For broader privacy questions, read our Privacy Policy.