Cookie Policy

We use cookies to keep you signed in and to remember your preferences (theme, sidebar state, items-per-page). We do not use third-party advertising cookies, analytics cookies, or cross-site tracking cookies.

Strictly necessary cookies

Authentication, anti-forgery tokens, and session state. Disabling these breaks
sign-in. Specifically:

  • access_token — your short-lived (~1 hour) Supabase session token.
  • refresh_token — used to silently renew your session in the background. By default this lasts 7 days from your last activity.
  • ccmf.remember_me — set only if you tick Stay logged in on the login form. It tells the server to extend the refresh_token lifetime to 30 days so you don't have to sign in again as often. Unticking the box on your next
    login removes it and returns you to the 7-day default. Don't use this option on a shared or public computer.
  • ccmf.pending_invite — temporarily remembers which invite link you arrived from so the right invite is applied when you finish signing up.

All of the above are HttpOnly (not readable by JavaScript), SameSite=Strict (not sent on cross-site requests), and Secure on HTTPS connections.

Preference cookies

Theme choice, sidebar collapse state, and similar UI preferences. Disabling these resets your preferences on every visit.

Third-party content

Embedded YouTube videos use the privacy-respecting facade pattern — no YouTube cookies are set until you explicitly press play on a video.

Last updated