Counterspine Counterspine

Legal

Cookies

We don't like cookie banners either. Here's the entire policy.

Cookies we set

  • _counterspine_session — strictly necessary; holds your session after sign-in. Deleted on sign-out or after 30 days. HttpOnly + SameSite=Lax + Secure.
  • CSRF-Token — strictly necessary; CSRF protection. Same lifetime as the session.
  • theme — local storage (technically not a cookie); remembers your light/dark mode choice.

Cookies we don't set

  • No tracking, advertising, or analytics cookies.
  • No third-party cookies.
  • No fingerprinting, no canvas tracking, no Local Shared Objects, no dark patterns.

Why we don't show a cookie banner

Under the EU ePrivacy Directive, "strictly necessary" cookies are exempt from consent requirements. We only set strictly necessary cookies. So no banner.

If you want to control them at the browser level: Settings → Privacy → Cookies in any modern browser.