Cookie Policy

CreativeOS uses a minimal set of cookies, all strictly necessary for the platform to work. We do not use analytics, advertising, or third-party tracking cookies. No consent banner is needed.

1. Strictly necessary cookies

• reach_session — authenticated session token (JWT). HttpOnly, Secure, SameSite=Lax. Expires after 7 days of inactivity.
• reach_2fa_temp — short-lived token during the two-factor authentication step. HttpOnly, Secure, SameSite=Lax. Expires after 10 minutes.
• oauth_state — CSRF protection for the Google OAuth flow. HttpOnly, Secure. Removed immediately after login completes.
• sidebar_state — remembers whether you collapsed the sidebar. Not personal data. 1 year expiry.

2. No third-party cookies

CreativeOS does not embed third-party widgets, analytics, or ads. The only external request your browser makes is to Google OAuth when you click "Sign in with Google"; Google's own cookie policy applies at that moment.

3. Disabling cookies

You can clear or block cookies in your browser settings. Blocking the session cookies will sign you out. Blocking sidebar_stateonly resets your sidebar preference.

4. Changes

We'll update the date at the top when anything material changes. Questions? david@turing.paris.

See also: Privacy · Terms · Mentions légales