This Cookie Policy explains how CredentialPilot uses cookies and similar technologies. For how we handle personal data more broadly, see our Privacy Policy.
Cookies are small text files stored on your device by your browser. They let a site remember your actions and preferences (such as keeping you logged in) and, optionally, help measure how the site is used. We also use comparable browser storage (e.g. localStorage) to remember your consent choice.
| Cookie / storage | Category | Purpose | Provider | Consent |
|---|---|---|---|---|
sid | Strictly necessary | Authentication & security — keeps you logged in and protects your session (HttpOnly, Secure, SameSite=Lax, expires after 7 days). | CredentialPilot (9GG LLC) | Always on (no consent required) |
fc_consent | Strictly necessary | Remembers your cookie choice (all or essential) so we don't ask again. Stored in browser localStorage. | CredentialPilot (9GG LLC) | Always on (no consent required) |
_ga | Analytics | Google Analytics 4 — distinguishes individual visitors to measure aggregate usage. Set only after you click "Accept all"; typical lifespan ~2 years. | Optional — only with consent | |
_ga_<container> / _gid | Analytics | Google Analytics 4 — maintains session state and distinguishes visitors for usage measurement. Loaded only after "Accept all"; _gid lasts ~24 hours. | Optional — only with consent | |
_gat | Analytics | Google Analytics — throttles the request rate. Loaded only after "Accept all"; lasts ~1 minute. | Optional — only with consent | |
| Marketing / advertising | Marketing | Not currently used. If introduced, only with your consent. | — | Optional — only with consent |
We use Google Analytics 4 (provided by Google LLC) to understand, in aggregate, how visitors use CredentialPilot so we can improve it. Google Analytics sets the _ga, _gid and _gat cookies (and related _ga_* storage). These analytics cookies load only after you choose "Accept all" in the cookie banner — if you choose "Essential only", or make no choice, Google Analytics is never loaded and no analytics cookies are set. We configure IP-anonymization. You can read Google's practices in the Google Privacy Policy, and Google offers a browser opt-out add-on. See our Privacy Policy for how analytics data is processed.
Our login cookie sid is HttpOnly, Secure and SameSite=Lax, and expires after 7 days. It contains a signed reference to your session, not your password.
When you first visit, a banner lets you accept all cookies or essential only. You can change your choice at any time by clearing the fc_consent value below, or via your browser settings (which can block or delete cookies — note that blocking the session cookie will log you out).
Google Analytics is described above. Payment (Stripe) and email (Resend) providers may set their own cookies when you interact with their flows; see their policies. We do not use third-party advertising cookies.