We use a small number of strictly necessary cookies. These are required to sign you in and keep your session secure. Under the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive, strictly necessary cookies are exempt from the consent requirement, so we do not show a cookie consent banner. We do not use analytics, advertising, or tracking cookies, and we do not share cookie data with third parties for those purposes.
Cookies we set
| Cookie | Purpose | Duration |
|---|---|---|
authjs.session-token | Keeps you signed in after login (session authentication). | Session / until expiry |
authjs.csrf-token | Protects sign-in and account actions against cross-site request forgery. | Session |
authjs.callback-url | Returns you to the correct page after signing in. | Session |
These cookies are set by our authentication library (Auth.js / NextAuth). When served over HTTPS their names carry a __Secure- or __Host- prefix.
Managing cookies
Because these cookies are essential, disabling them in your browser will prevent you from signing in and using your account. Most browsers let you view and delete cookies via their settings; signing out also clears your session.
Learn more
For how we handle your personal data more broadly, see our Privacy Notice.