Cookie Policy
Last updated: 7 December 2025
What Are Cookies?
Cookies are small text files stored on your device when you visit a website. They help websites remember your preferences and provide essential functionality.
Cookies We Use
We only use strictly necessary cookies required for the Service to function. Under UK GDPR Article 6(1)(b), these cookies do not require your consent as they are necessary for contract performance.
Authentication Cookies (NextAuth)
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
next-auth.session-token | Stores your encrypted session token to keep you logged in | 30 days | HTTP-only, Secure |
next-auth.csrf-token | Prevents unauthorized sign-in attempts (security) | Session | HTTP-only, Secure |
next-auth.callback-url | Temporary storage of redirect URL during sign-in | Session | Secure |
Domain: .pkts.app (shared across pkts.app and my.pkts.app)
Cookie Consent
| Cookie Name | Purpose | Duration | Type |
|---|---|---|---|
CookieConsent | Records that you've acknowledged our cookie notice | 365 days | Standard |
Value: true when you accept the cookie notice
Third-Party Cookies
We do not use:
- Analytics cookies (Google Analytics, etc.)
- Advertising cookies
- Social media tracking cookies
- Third-party tracking technologies
Managing Cookies
Browser Settings
You can control cookies through your browser settings:
- Chrome: Settings > Privacy and security > Cookies
- Firefox: Settings > Privacy & Security > Cookies
- Safari: Preferences > Privacy > Cookies
- Edge: Settings > Privacy > Cookies
Warning: Blocking our authentication cookies will prevent you from signing in and using the Service.
Do Not Track
We do not currently respond to Do Not Track (DNT) signals, as we don't use tracking cookies.
Future Changes
If we add analytics or other non-essential cookies in the future:
- We will update this policy
- We will request your explicit consent
- You will have the option to reject non-essential cookies
- We will provide cookie preference controls
Cookie Lifespan
- Session cookies: Deleted when you close your browser
- Persistent cookies: Remain until expiry date or manual deletion
Security
All authentication cookies are:
- HTTP-only: Cannot be accessed by JavaScript (prevents XSS attacks)
- Secure: Only transmitted over HTTPS
- SameSite=Lax: Protected against CSRF attacks
Contact
For questions about our use of cookies:
- Email: tom@pkts.app
- Website: https://pkts.app