Legal
Cookie policy
Cookie policy
Last updated: June 15, 2026
We use the minimum set of cookies to make sign-in work and to remember display preferences. No advertising cookies, no cross-site tracking, no behavioural-analytics SDK.
What we set
| Cookie | Purpose | Lifetime | Type |
|---|---|---|---|
better-auth.session-token |
Authentication — keeps you signed in across page loads. HttpOnly, Secure on HTTPS, SameSite=Lax. | 7 days, rolling | Strictly necessary |
cv-theme (Cordon) |
Remembers your dark / light / auto theme choice. JS-readable so the bootstrap script in app.html can avoid a flash on page load. SameSite=Lax. |
1 year | Functional |
| Paddle checkout / customer portal cookies | Set by Paddle on its checkout overlay and customer-portal pages — our Merchant of Record — not by us. Governed by Paddle's cookie policy. | Per Paddle | Strictly necessary (only during checkout / portal) |
We do not set cookies for: advertising, retargeting, behavioural profiling, A/B testing, or analytics tied to individual users.
Why no cookie banner
Strictly-necessary and functional cookies do not require an opt-in consent banner under GDPR / ePrivacy — they're either required to deliver the service you asked for, or you actively set them yourself (theme switcher). We have no third-party tracking cookies that would need consent.
If we ever add analytics or advertising, this policy and a banner land together.
How to disable
Browser settings — every major browser supports rejecting cookies per site. If you disable the session cookie you can't sign in. The theme cookie is optional and the site falls back to your system preference.
Contact
privacy@porthatch.app for cookie-related questions.