Cookie Policy

A cookie is a small piece of data a website stores in your browser. Some are essential to operate the site (signed-in state, security). Others are used for analytics, personalization, or advertising. We use only the first category — essential cookies — plus a small amount of first-party analytics that does not involve cross-site tracking.

"Similar technologies" covered by this policy include localStorage, sessionStorage, and the iOS / macOS keychain entries we use to store sign-in tokens on the native apps.

Essential — always on

• Session and refresh tokens — HTTP-only cookies set on sign-in. Required so the site recognizes you across requests. Lifetime matches our token policy (typically a few hours for access, weeks for refresh).
• CSRF protection token — a small cookie that protects form submissions from cross-site request forgery.
• Theme preference — your chosen light / dark / accent setting, stored in localStorage so it persists between visits.
• Consent state— a record of whether you accepted or dismissed any consent banner we may show, so we don't re-prompt endlessly.

Analytics — first-party, aggregated

• First-party request logs (handled by Cloudflare as part of our infrastructure) capture aggregated traffic metrics — country-level location, URL path, HTTP status, latency. These logs are not used to build cross-site profiles and are subject to Cloudflare's privacy posture.
• We do not use Google Analytics, Meta Pixel, TikTok Pixel, or other third-party advertising trackers on the marketing site or in MindWiki Cloud.

What we do not set

• Advertising / retargeting cookies.
• Cross-context behavioral profiles.
• Cookies that "follow you around the web".
• Third-party social tracking pixels (Meta, X / Twitter, LinkedIn, etc.).

• Sign out — clearing your session removes the auth cookies. Sign back in to recreate them.
• Browser-level controls— every modern browser lets you block cookies entirely or for specific sites. Doing so will sign you out of MindWiki Cloud and you won't be able to use authenticated surfaces until you allow them again.
• Do Not Track / Global Privacy Control — we treat GPC signals as a privacy opt-out for tracking-style cookies. Since we do not run tracking cookies, no behavior changes from receiving the signal — but we honor the opt-out if it ever applies to a future feature.

iOS and macOS apps don't use cookies in the web-browser sense. Sign-in tokens are stored securely in the system keychain. Settings and local preferences are stored in the app's own sandboxed storage. The same posture applies: essential storage only; no third-party trackers.

We'll update this page when we change what we set. Material changes (adding a category of tracker) will go through the same notice flow as the rest of our privacy documentation.

• Privacy Policy
• Privacy Choices & Data Rights
• Subprocessors