Zendrhax uses cookies and similar local-storage technology to keep you signed in, protect your account, and remember your preferences. This page tells you exactly which ones we set.
We do not use advertising cookies, behavioural-tracking pixels, or third-party analytics that build profiles on you across the internet.
What's a cookie
A cookie is a small piece of data your browser stores at the request of a website. The same browser sends that data back on later requests, which is how the site recognises you between visits.
We also use related browser-storage features (sessionStorage, localStorage) for short-lived UI preferences. We treat them with the same privacy posture as cookies.
Cookies we set
Strictly necessary — always on
These keep the Service functional. Disabling them breaks sign-in and core navigation.
| Name | Purpose | Type | Expires |
|---|---|---|---|
PHPSESSID (or similar session cookie) | Identifies your signed-in session. | Session | When you close the browser, or after the inactivity timeout. |
XSRF-TOKEN / CSRF token in form bodies | Protects form submissions from cross-site forgery. | Session | Per-request. |
| Device-recognition cookie | Lets us flag a brand-new device for suspicious-login alerts. | Persistent | Up to 365 days. |
Theme preference (localStorage) | Remembers light/dark choice. | Persistent | Until you clear it. |
Locale preference (localStorage + session) | Remembers your language. | Persistent | Until you change it. |
Strictly necessary — from third parties
When the operator enables specific integrations, those third parties may set their own strictly-necessary cookies on pages where their widgets run.
| Provider | Where it runs | What for |
|---|---|---|
| Cloudflare Turnstile | /register | Bot-challenge verification to protect signup from automated abuse. |
| Stripe | Payment forms inside /billing and the app checkout | Securely tokenises card data so it never reaches us. |
These providers' cookies are governed by their own policies. Links are in our Sub-processors page.
Cookies we deliberately don't use
- No third-party advertising cookies.
- No cross-site behavioural-tracking pixels.
- No third-party analytics that build user profiles.
When we run product analytics it is on aggregated server-side metrics that don't identify individual users.
Managing cookies
You can clear cookies from your browser settings at any time. Clearing the strictly-necessary cookies will sign you out and you will be asked to authenticate again.
If you use 2FA, clearing the device-recognition cookie may cause us to treat your next sign-in as a brand-new device and trigger a suspicious-login alert. That is by design.
Changes
We will update this page if we add or remove a cookie. Material changes are announced in-product alongside the Privacy Policy update they belong to.
Contact
Questions: privacy@zendrhax.com.