Legal

Cookie Notice

We use only the cookies needed to keep you signed in — nothing for advertising or tracking.

We use a small number of strictly necessary cookies. These are required to sign you in and keep your session secure. Under the UK Privacy and Electronic Communications Regulations (PECR) and the EU ePrivacy Directive, strictly necessary cookies are exempt from the consent requirement, so we do not show a cookie consent banner. We do not use analytics, advertising, or tracking cookies, and we do not share cookie data with third parties for those purposes.

Cookies we set

CookiePurposeDuration
authjs.session-tokenKeeps you signed in after login (session authentication).Session / until expiry
authjs.csrf-tokenProtects sign-in and account actions against cross-site request forgery.Session
authjs.callback-urlReturns you to the correct page after signing in.Session

These cookies are set by our authentication library (Auth.js / NextAuth). When served over HTTPS their names carry a __Secure- or __Host- prefix.

Managing cookies

Because these cookies are essential, disabling them in your browser will prevent you from signing in and using your account. Most browsers let you view and delete cookies via their settings; signing out also clears your session.

Learn more

For how we handle your personal data more broadly, see our Privacy Notice.