Back to JewelForge

Cookie Policy

Last updated April 18, 2026

This Cookie Policy explains the small data files (“cookies” and similar technologies like localStorage) that JewelForge uses, what they do, and how to control them. This policy supplements our Privacy Policy.

1. What is a cookie?

A cookie is a tiny text file stored by your browser on your device. It lets a website remember things across page loads — most importantly, that you’re signed in. Some cookies are set by us directly (“first-party”); others are set by our service providers when their code runs on our pages (“third-party”).

2. Cookies we use

We use a deliberately small set of cookies. We don’t currently use advertising cookies, cross-site tracking, or fingerprinting.

Strictly necessary (always on)

These are required for the Service to function. You can’t turn them off without breaking sign-in and security.

NamePurposeDuration
__Secure-next-auth.session-token
next-auth.session-token		Keeps you signed in across page loads.30 days (rolling)
__Host-next-auth.csrf-tokenProtects against cross-site request forgery.Session
__Secure-next-auth.callback-urlReturns you to the correct page after sign-in.Session
jf-theme (localStorage)Remembers your dark/light theme choice.Persistent until cleared
jf-cookie-consent (localStorage)Stores your cookie consent choices.12 months

Analytics (optional, off by default)

We are evaluating privacy-respecting analytics (e.g., self-hosted Plausible or PostHog with IP anonymization). At the time of this policy’s date, no analytics cookies are set. If we introduce analytics, you will see them listed here and you’ll be asked for consent through the cookie banner.

Marketing (not used)

We don’t use advertising, remarketing, or cross-site tracking cookies. If that changes, this policy and the cookie banner will reflect it.

3. Third-party cookies

When you interact with certain features, third parties may set cookies:

  • Stripesets cookies in its hosted checkout and billing portal to detect fraud. These only apply on Stripe’s own pages, not on jewelforge.ai directly.
  • Googlemay set cookies during the OAuth sign-in flow on Google’s own domains.

4. Managing your choices

  • In-app: open Settings → Cookies & tracking to review and update your consent at any time.
  • Cookie banner: click the banner that appears on first visit to accept or reject non-essential cookies.
  • Browser controls:you can delete cookies and localStorage through your browser’s settings. Note that deleting the strictly necessary cookies will sign you out and require you to accept the cookie banner again.

5. Do Not Track

Because there is no consensus on how to interpret Do Not Track signals, we currently do not respond to them differently. We honor Global Privacy Control (GPC) signals where applicable.

6. Updates

We’ll update this page if the cookies we use change. The “Last updated” date at the top reflects the most recent revision.

7. Contact

Questions? Email privacy@jewelforge.ai.