Cookie Policy

We use only technically necessary cookies and comparable browser storage technologies to provide our services. These mechanisms are required for login functionality, security, secure payment processing, and specific short-lived newsletter flows.

Essential Cookies & Storage We Use

• tdp.csrf-token: Prevents cross-site request forgery (CSRF) attacks on form submissions and API calls. Set by our server on each session and required for most mutating requests, with limited route-specific exceptions where appropriate. Expires after 24 hours. Flags: HttpOnly, SameSite=Strict, Secure.
• Stripe Session Cookie: Used during checkout to securely process payments.
• Appwrite session cookie: A secure, HTTP-only session cookie set by our authentication provider (Appwrite) to maintain your login session across page reloads. This cookie is managed by Appwrite and cannot be accessed by JavaScript. No authentication tokens are written to localStorage.
• sessionStorage (newsletter_email): Temporarily stores your newsletter email during confirmation/error handling to support resend functionality in the same browser session.

These cookies and storage entries are limited to technically necessary purposes, are not used for advertising/tracking, and do not require consent under applicable privacy laws (GDPR & ePrivacy Directive) where strictly necessary.

For more information about our privacy practices, please refer to our Privacy Policy.