Cookie policy
Last updated: May 27, 2026
We use the minimum set of cookies to make sign-in work and to remember display preferences. No advertising cookies, no cross-site tracking, no behavioural-analytics SDK.
What we set
| Cookie | Purpose | Lifetime | Type |
|---|---|---|---|
| better-auth.session-token | Authentication — keeps you signed in across page loads. HttpOnly, Secure on HTTPS, SameSite=Lax. | 7 days, rolling | Strictly necessary |
| cv-theme (Cordon) | Remembers your dark / light / auto theme choice. JS-readable so the bootstrap script in app.html can avoid a flash on page load. SameSite=Lax. | 1 year | Functional |
| active_workspace_id (planned) | Picks which workspace you're acting in when you belong to more than one. Lands with the workspace-members migration. | 30 days | Functional |
| Stripe checkout / customer portal cookies | Set by Stripe on the checkout + portal pages, not on our domain. Governed by Stripe's cookie policy. | Per Stripe | Strictly necessary (only on those pages) |
We do not set cookies for: advertising, retargeting, behavioural profiling, A/B testing, or analytics tied to individual users.
Why no cookie banner
Strictly-necessary and functional cookies do not require an opt-in consent banner under GDPR / ePrivacy — they're either required to deliver the service you asked for, or you actively set them yourself (theme switcher). We have no third-party tracking cookies that would need consent.
If we ever add analytics or advertising, this policy and a banner land together.
How to disable
Browser settings — every major browser supports rejecting cookies per site. If you disable the session cookie you can't sign in. The theme cookie is optional and the site falls back to your system preference.
Contact
privacy@porthatch.app for cookie-related questions.