Cookie Policy

Last updated: July 5, 2026

This page explains what cookies dontpoke.me uses. Short version: one strictly-necessary session cookie, and nothing else. No advertising cookies, no third-party analytics cookies, no cross-site tracking.

Cookies We Use

Cookie Purpose Duration Type
dp_breachKeeps you signed in; also carries a CSRF token used to protect forms from cross-site attacksUp to 14 days, or until you log outStrictly necessary

That's the only cookie the Service sets. It's marked HttpOnly (not readable by JavaScript), Secure (HTTPS-only), and SameSite=Lax (not sent on most cross-site requests) to reduce the risk of theft or misuse.

What We Don't Use

  • No advertising or retargeting cookies
  • No third-party analytics cookies (Google Analytics, Meta Pixel, etc.)
  • No social media embed cookies
  • No cross-site tracking of any kind

Our internal analytics are self-hosted and don't use cookies to identify individual visitors — see the Analytics section of our Privacy Policy.

Browser Storage (Not Cookies)

Some tool pages use your browser's localStorage or sessionStorage to remember preferences (like your last search mode). This data stays on your device, is never transmitted to our servers, and isn't a cookie in the technical sense — clearing your browser's site data removes it.

Why There's No Cookie Banner

Under GDPR/ePrivacy rules, consent banners are required for non-essential cookies (analytics, advertising, etc.). Since the only cookie we set is strictly necessary for the Service to function — keeping you logged in and protecting forms from CSRF attacks — no consent banner is required. If that ever changes (e.g. we add optional analytics cookies), we'll add a consent mechanism and update this page first.

Managing or Clearing Cookies

You can clear the dp_breach cookie at any time through your browser's settings, or simply by logging out. Clearing it will sign you out; it won't affect your account data.

Questions

Email [email protected] with any cookie-related questions.