Cookie Policy

Last updated: October 26, 2025

TL;DR: We use minimal cookies for authentication and anonymous visit tracking. No advertising, marketing, or third-party trackers.

1. What Are Cookies?

Cookies are small text files stored on your device by websites you visit. They help websites remember your preferences, maintain sessions, and provide analytics.

SHIOL+ uses cookies only for essential functionality—we do not use cookies for advertising, cross-site tracking, or user profiling.

2. Cookies We Use

Cookie Name	Purpose	Duration	Type
`session_token`	Authenticates logged-in users and maintains session state	7-30 days (based on "Remember Me" option)	Essential
`device_fingerprint` (localStorage)	Anonymous identifier for freemium limits (no personal data)	Persistent (until cleared)	Functional

2.1 Essential Cookies

session_token: This HttpOnly cookie stores your authentication token (JWT). Without it, you would need to log in on every page load. It is:

Secure: Uses Secure flag in production (HTTPS only)
HttpOnly: Not accessible by JavaScript (XSS protection)
SameSite: Set to Strict (CSRF protection)

2.2 Functional Cookies (Browser Storage)

device_fingerprint: Stored in localStorage (not a traditional cookie), this anonymous identifier helps us:

Track anonymous visit counts for dashboard statistics
Enforce freemium limits (e.g., 5 insights per day for non-premium users)
Provide a basic rate-limiting mechanism

This identifier contains no personal information—it's a randomly generated UUID. It cannot be used to track you across websites.

3. Cookies We Do NOT Use

We explicitly do NOT use:

Advertising cookies: No Google Ads, Facebook Pixel, or similar tracking
Analytics cookies: No Google Analytics, Mixpanel, Hotjar, etc.
Social media cookies: No Facebook, Twitter, or LinkedIn tracking
Third-party cookies: No cookies from external domains (except Stripe test mode, which is sandboxed)
Behavioral tracking: No cross-site tracking or user profiling

As an educational project, we prioritize privacy over monetization.

4. How to Manage Cookies

4.1 Browser Settings

You can control cookies through your browser settings:

Chrome: Settings → Privacy and security → Cookies and other site data
Firefox: Settings → Privacy & Security → Cookies and Site Data
Safari: Preferences → Privacy → Manage Website Data
Edge: Settings → Cookies and site permissions

Note: Disabling cookies will prevent you from logging in and using authenticated features.

4.2 Clearing SHIOL+ Cookies

To delete SHIOL+ cookies specifically:

Log out (this deletes the session_token cookie)
Clear your browser's site data for the SHIOL+ domain
Use browser developer tools (F12 → Application → Cookies) to manually delete cookies

5. Third-Party Services and Their Cookies

5.1 Stripe (Test Mode Only)

When you interact with Stripe checkout (simulated payments), Stripe may set cookies for fraud prevention and session management. These are processed entirely within Stripe's iframe and are not accessible to SHIOL+.

See Stripe's Cookie Policy for details.

5.2 CDN Services (Cloudflare, if applicable)

If we use a CDN like Cloudflare, they may set cookies for performance optimization and DDoS protection. These cookies do not track personal data.

6. Your Rights and Consent

By using SHIOL+, you consent to our use of essential cookies. Since we do not use non-essential cookies, you are not required to accept a cookie banner.

Under GDPR and CCPA, you have the right to:

Access: Request information about cookies stored on your device
Deletion: Clear cookies and localStorage at any time
Opt-Out: Disable cookies (though this may limit functionality)

7. Changes to This Policy

We may update this Cookie Policy from time to time. Changes will be posted on this page with an updated "Last updated" date.

8. Contact Us

If you have questions about our use of cookies, contact:

Email: privacy@shiolplus.com