Cookie Policy

Last updated: July 8, 2026

Overview

This policy describes how PrivyDeck uses cookies and similar browser storage. We do not use advertising, analytics, or social-media tracking cookies on pages we control.

Strictly necessary cookies (first-party)

  • Session cookie (NextAuth) — keeps you signed in; duration: session or up to 30 days depending on provider settings; purpose: authentication; legal basis: contract / legitimate interest
  • privydeck-csrf — protects against cross-site request forgery on mutating actions; duration: session; sameSite: Lax; purpose: security

Under EU ePrivacy rules, these cookies are strictly necessary for the service you request and do not require consent. We show an informational notice on first visit.

Third-party payment cookies (Stripe)

Audits may list Stripe as a detected tracker. This is expected when you use paid features:

  • Stripe Checkout and the billing portal load Stripe-hosted scripts to process payments
  • Stripe may set cookies for fraud prevention, session management, and payment completion
  • Category: payment processing — not advertising or cross-site behavioral tracking
  • Data controller for payment card details: Stripe, Inc. (see stripe.com/privacy)
  • These cookies load only when you initiate checkout or open the billing portal — not on every page

You can avoid Stripe cookies by staying on the free tier. To manage cookies, use your browser settings or block third-party cookies (checkout may not work).

Other third-party cookies

OAuth providers (Google, GitHub, Apple) may set cookies during sign-in under their own policies. We do not control those cookies.

Browser storage (not cookies)

  • privydeck-cookie-notice-dismissed (localStorage) — remembers that you dismissed the cookie notice
  • privydeck-vault-passphrase-set (sessionStorage) — session hint that a vault passphrase was set locally; does not store the passphrase
  • Service worker cache (PWA) — offline copies of app assets; no personal data

Your choices (ePrivacy / GDPR)

Strictly necessary first-party cookies are required for sign-in and security. Stripe cookies are required only for payment flows. We do not run optional analytics or marketing cookies, so there is no separate marketing opt-out.

For questions, email privacy@privydeck.com. See also Privacy Policy and Your Privacy Rights.

Back to home