Cookie Policy

What we set, what each is for, and how to manage your choices.

Effective 2026-05-30 Version 1.0 Jurisdiction Vermont, USA

About this policy

This page explains the cookies and similar storage Whisp3r Auth uses, what each is for, and how you can manage them. Our Terms of Service live at /terms; our Privacy Policy lives at /privacy.

Manage your preferences

Use the panel below to turn analytics and marketing categories on or off. Changes apply immediately and persist across visits to this device. Clearing your browser's storage resets your choices.

Essential cookies

Strictly necessary for sign-in and security. These cannot be disabled because the service cannot function without them.

whisp3r-session — your signed-in session identifier. Lifetime: up to seven days, or until you sign out. Flags: HttpOnly, Secure in production, SameSite=Lax.
whisp3r-csrf — protects forms against cross-site request forgery. Lifetime: matches the session.
Transient OAuth state cookies — set briefly during sign-in with Google or GitHub. Deleted immediately after the redirect completes.
theme-mode — remembers whether you have chosen Light, Dark, or System color theme. Stored in localStorage, not a cookie.
cookie-consent-v1 — remembers your cookie preference choices so we don't ask again on every page. Stored in localStorage.

Analytics cookies

Off by default. We currently do not set any analytics cookies. If we add privacy-preserving analytics in the future, they will be listed here and you can opt out using the panel above.

Marketing cookies

Off by default. We do not set marketing or advertising cookies and have no plans to. If that ever changes, this section will list every cookie set and you can opt out using the panel above.

Third-party cookies

The only third-party cookies that may be set during your use of Whisp3r Auth come from the identity providers you choose to sign in with — currently Google and GitHub. Those cookies are set on Google's and GitHub's own domains, governed by their own cookie policies, and outside Whisp3r Auth's control. We do not embed third-party analytics or advertising scripts.

Refusing or removing cookies

You can refuse cookies in your browser settings. Note that you will not be able to sign in to Whisp3r Auth if essential cookies are blocked — the service has no alternative session mechanism.

Changes to this policy

We may update this Cookie Policy. The effective date at the top reflects the most recent revision. Material changes will be highlighted in the banner the next time it appears.

Contact

Questions about the cookies we set? Email auth@whisp3r.com.