Cookie Policy
Last updated: July 8, 2026
Overview
This policy describes how PrivyDeck uses cookies and similar browser storage. We do not use advertising, analytics, or social-media tracking cookies on pages we control.
Strictly necessary cookies (first-party)
- Session cookie (NextAuth) — keeps you signed in; duration: session or up to 30 days depending on provider settings; purpose: authentication; legal basis: contract / legitimate interest
- privydeck-csrf — protects against cross-site request forgery on mutating actions; duration: session; sameSite: Lax; purpose: security
Under EU ePrivacy rules, these cookies are strictly necessary for the service you request and do not require consent. We show an informational notice on first visit.
Third-party payment cookies (Stripe)
Audits may list Stripe as a detected tracker. This is expected when you use paid features:
- Stripe Checkout and the billing portal load Stripe-hosted scripts to process payments
- Stripe may set cookies for fraud prevention, session management, and payment completion
- Category: payment processing — not advertising or cross-site behavioral tracking
- Data controller for payment card details: Stripe, Inc. (see stripe.com/privacy)
- These cookies load only when you initiate checkout or open the billing portal — not on every page
You can avoid Stripe cookies by staying on the free tier. To manage cookies, use your browser settings or block third-party cookies (checkout may not work).
Other third-party cookies
OAuth providers (Google, GitHub, Apple) may set cookies during sign-in under their own policies. We do not control those cookies.
Browser storage (not cookies)
- privydeck-cookie-notice-dismissed (localStorage) — remembers that you dismissed the cookie notice
- privydeck-vault-passphrase-set (sessionStorage) — session hint that a vault passphrase was set locally; does not store the passphrase
- Service worker cache (PWA) — offline copies of app assets; no personal data
Your choices (ePrivacy / GDPR)
Strictly necessary first-party cookies are required for sign-in and security. Stripe cookies are required only for payment flows. We do not run optional analytics or marketing cookies, so there is no separate marketing opt-out.
For questions, email privacy@privydeck.com. See also Privacy Policy and Your Privacy Rights.