Cookie Policy
Last updated: March 28, 2026
What Are Cookies
Cookies are small text files stored on your device by your web browser. They are widely used to make websites work efficiently and to provide information to site operators.
Our Cookie Usage
We use strictly necessary cookies for authentication, session management, and CSRF protection. These do not require consent under the ePrivacy Directive.
We also use optional analytics cookies (Google Analytics 4) to understand how visitors use the site. These only load after you accept the consent banner on your first visit; if you decline, no analytics scripts are loaded and no data is sent.
Cookies We Set
| Cookie | Purpose | Type | Duration | HttpOnly | Secure |
|---|---|---|---|---|---|
| session_id / __Host-session_id | Maintains your authenticated session. Uses the __Host- prefix in production for additional security. | Strictly necessary | 7 days (refreshed on activity) | Yes | Yes (production) |
| csrf_token | Protects against cross-site request forgery (CSRF) attacks by validating that state-changing requests originate from our application. | Strictly necessary | 7 days (refreshed on activity) | No (must be readable by JavaScript to include in request headers) | Yes (production) |
Cookie Security
- The session cookie is marked HttpOnly, so JavaScript cannot read it, which mitigates session theft through XSS.
- SameSite=Lax is set on both cookies, which restricts when browsers send them on cross-site requests and mitigates cross-site request attacks.
- In production, cookies use the Secure flag, ensuring they are only transmitted over HTTPS.
- The __Host- prefix used in production means browsers accept the cookie only if it is set from a secure origin with the Secure flag, no Domain attribute, and Path=/.
Managing Cookies
You can configure your browser to block or delete cookies. However, since our cookies are strictly necessary for authentication, blocking them will prevent you from logging in to the Service.
More Information
For more details about how we handle your data, see our Privacy Policy. If you have questions, contact us at privacy@redstick.ai.