Cookie Policy
Last updated: 2026-05-08
This page explains the cookies and similar technologies AccessProof uses, why we use them, and how you can control them.
What is a cookie?
A cookie is a small text file stored on your device by your browser. It allows a website to recognise you on later visits, keep you signed in, or measure usage. Some are essential, some are optional.
Cookies we set
Strictly necessary
These are required for the Service to function. We do not need your consent for these.
| Name | Purpose | Duration |
|---|---|---|
access_token | Authentication (JWT, httpOnly, SameSite=Lax) | 15 minutes |
refresh_token | Session refresh (httpOnly, SameSite=Lax) | 7 days |
cookie_consent | Remembers your cookie preferences | 12 months |
Analytics (consent-based)
We may set analytics cookies (e.g., Google Analytics 4) only after you opt in. They help us understand which features are used and where users get stuck so we can improve the product.
| Name | Purpose | Duration |
|---|---|---|
_ga / _ga_* | Google Analytics 4 (anonymized IP, only if you consent) | up to 13 months |
Third-party cookies
- Stripe — set on the Stripe-hosted checkout only, used for fraud prevention. See Stripe's policy.
- Cloudflare — may set
__cf_bmfor bot management (essential for security, no tracking).
How to control cookies
- You can refuse non-essential cookies at any time.
- Most browsers let you block or delete cookies in their settings.
- Blocking strictly necessary cookies will break authentication.
Changes
We'll update the "Last updated" date when the cookie inventory changes.