1. What we use
Strictly necessary (always on)
- Session cookie — keeps you signed in. HttpOnly, SameSite, scoped to our domain. Without it the Service cannot function, so it is exempt from consent.
- CSRF / security tokens — protect form and payment submissions.
- Local storage (functional) — your accent colour, density, reader typography, reading queue, highlights, and collections live in your browser's local storage, never on our servers. This is essential to the features you use and stays on your device.
Optional (off until you consent)
- Product analytics — privacy-respecting, aggregate Web Vitals and feature usage. No cross-site tracking, no advertising IDs.
2. What we do not use
No advertising cookies, no third-party ad networks, no cross-site behavioural profiling, no data brokers. We do not sell or rent your data.
3. Your control
On your first visit a consent banner lets you accept optional analytics or keep only strictly-necessary storage. You can change your choice at any time — clearing the consent re-shows the banner, and your browser settings can block or delete cookies entirely (note that blocking the session cookie will sign you out).
4. Retention
The session cookie lasts for the length of your session or until you sign out. The consent preference is stored locally for 12 months, after which we ask again. Functional local storage persists until you clear it or delete your account.
5. More information
Cookies that process personal data are also covered by our Privacy Policy. Questions go to dpo@eu-platform.local.