Cookies and similar storage
Last updated: 12 May 2026
The short version: we set one cookie, which is required for you to stay logged in. We have no analytics, no ad trackers, no fingerprinting, and no third-party scripts that set cookies on our behalf.
1 · What we set
| Name | Where | Purpose | Lifetime | Basis |
|---|---|---|---|---|
| artifakt_session | Cookie | Keep you logged in. HttpOnly, Secure, SameSite=Lax. | 14 days (sliding) | Strictly necessary — Article 5(3) ePrivacy exemption |
| artifakt-theme | localStorage | Remember your dark / light / landing theme preference. | Until you clear it | Strictly necessary — user preference |
Neither value is shared with a third party. The session cookie is opaque (a random token, not encoded personal data) and is rotated on every sign-in.
2 · What we don’t do
- No Google Analytics, Plausible, Matomo, or similar.
- No advertising pixels, retargeting, or conversion tracking.
- No third-party fonts that phone home (we ship Geist Sans / Mono with the site).
- No social-media share widgets that set their own cookies.
- No fingerprinting or browser-feature probing.
- No subprocessor sets cookies on our behalf — when we send your data to an LLM provider for inference, no cookie travels with it.
3 · Why there is no cookie banner
The ePrivacy Directive (Article 5(3)) and Polish UODO guidance require consent for cookies that are not strictly necessary for the service the user requested. Because the session cookie is strictly necessary (you cannot use the authenticated parts of Artifakt without it) and the theme preference is a user-requested setting, the banner is not legally required for our current setup. If we ever add non-essential cookies, you will see a proper consent banner first.
4 · How to clear them
You can clear cookies and localStorage at any time via your browser’s privacy settings. Clearing them logs you out and resets the theme to default; nothing else breaks.