Cookie Policy
Last updated: 16 March 2026
1. What are cookies?
Cookies are small text files stored on your device by your web browser. They help websites remember information about your visit, such as whether you are logged in. We use only the cookies that are necessary for the platform to work properly, plus one functional cookie for your language preference.
We do not use any advertising, analytics, or third-party tracking cookies.
2. Cookies we use
Strictly necessary cookies
These cookies are essential for the platform to function. They cannot be disabled. Without them, you would not be able to log in or use StableSync.
| Cookie name | Purpose | Duration | Type |
|---|---|---|---|
| __Secure-authjs.session-token | Stores your encrypted session as a signed JWT. This keeps you logged in and identifies which yard you belong to. Set by NextAuth. | Session (expires when you close your browser) or up to 30 days if “remember me” is used | First-party, Secure, HttpOnly |
| __Secure-authjs.callback-url | Stores the URL to redirect you to after signing in. Used during the authentication flow. | Session | First-party, Secure, HttpOnly |
| __Secure-authjs.csrf-token | Cross-site request forgery protection token. Prevents malicious websites from making requests on your behalf. | Session | First-party, Secure, HttpOnly |
| google_oauth_state | Temporary state parameter used during Google sign-in to prevent cross-site request forgery attacks on the OAuth flow. | A few minutes (cleared after sign-in completes) | First-party |
| facebook_oauth_state | Temporary state parameter used during Facebook sign-in to prevent cross-site request forgery attacks on the OAuth flow. | A few minutes (cleared after sign-in completes) | First-party |
Functional cookies
These cookies remember your preferences and improve your experience. They are not strictly necessary but provide useful functionality.
| Cookie name | Purpose | Duration | Type |
|---|---|---|---|
| NEXT_LOCALE | Stores your preferred language (e.g. “en”, “fr”, “es”). This ensures the website and application are displayed in your chosen language. Set when you use the language switcher. | 1 year | First-party |
| oauth_signup_data | Temporarily stores your name and email from Google or Facebook during the sign-up process. Used to pre-fill the registration form after social sign-in. Cleared automatically after use. | 10 minutes | First-party, Secure, HttpOnly |
| ss_seen_hero | Records that you have seen the introductory animation on the homepage. Prevents the animation from replaying on future visits. | 90 days | First-party |
| google_picker_data | Temporarily stores data from the Google account picker during social sign-in. Used to pre-fill account selection. | Session | First-party |
| facebook_picker_data | Temporarily stores data from the Facebook account picker during social sign-in. Used to pre-fill account selection. | Session | First-party |
3. Local storage and service worker
In addition to cookies, StableSync uses browser local storage and a service worker as part of its progressive web app (PWA) functionality:
- Offline support: We store some data on your device so the app loads faster and works when your signal drops. This does not track you or collect personal data.
- Preferences:We save things like your display preferences on your device so they're remembered next time. This data stays on your device and is not sent to our servers.
- Push notification subscription: If you choose to enable push notifications, your browser generates a unique push endpoint. This endpoint is stored on our server so we can send you notifications. You can revoke this at any time through your browser settings or the StableSync notification preferences.
4. Third-party cookies
StableSync does not set any third-party cookies. We do not use Google Analytics, Facebook Pixel, or any other analytics or advertising trackers.
During the Google or Facebook sign-in flow, those services may set their own cookies on their respective domains (google.com, facebook.com). These are governed by Google's Privacy Policy and Meta's Privacy Policy respectively, not by StableSync.
5. Managing cookies
You can control and delete cookies through your browser settings. Most browsers allow you to:
- View what cookies are stored
- Delete individual or all cookies
- Block cookies from specific or all websites
- Set preferences for first-party vs third-party cookies
Please note that if you block or delete the strictly necessary cookies listed above, you will not be able to log in to StableSync.
To clear local storage and unregister the service worker, you can use your browser's developer tools or clear all site data for stablesync.app in your browser settings.
6. Do Not Track
We do not track you across websites. Since we do not use any analytics or advertising cookies, our platform effectively honours Do Not Track (DNT) browser signals by default — there is nothing to disable.
7. Changes to this policy
If we add new cookies or change how we use existing ones, we will update this page and the “Last updated” date at the top. For significant changes, we will notify you through the platform.
8. Contact
If you have questions about our use of cookies, contact us at hello@stablesync.app.
For details on how we handle personal data more broadly, see our Privacy Policy.