Draft — pending legal review. This page is a factually-grounded starting point, not a lawyer-reviewed legal document. Do not treat it as final before launch.
Cookie Policy
Last updated: Draft
The short version
Credensy does not use tracking or advertising cookies. There is no analytics or ad-tech running on this product. The one cookie the app sets is strictly functional.
The cookie we use
When you sign in to the Credensy web app, our server sets a single cookie (named with a__Host- prefix, which your browser enforces to require it be secure, host-only, and unmodifiable by any other site) that lets us recognize your browser as the same device on your next login, instead of treating every login as a brand-new device. This cookie:
- Is HttpOnly — inaccessible to any JavaScript running on the page, including in the event of a scripting attack.
- Is Secure and SameSite=None — sent only over HTTPS.
- Contains only a random device identifier — no personal information, no tracking payload.
- Is used solely so your Devices list stays accurate and so we can flag a genuinely new device on your account.
What we don't do
- No third-party advertising cookies.
- No cross-site tracking.
- No analytics cookies that build a profile of your behavior.
Your choices
Because this cookie is strictly necessary for account security (device recognition, not tracking), blocking it will cause the app to treat every login as a new device. You can clear it at any time via your browser's cookie settings, or by revoking the corresponding device from your Devices page.
Contact
Questions about this policy can be sent to support@credensy.io.