Cookie Policy

Last updated: July 2, 2026

EasyOnward uses the fewest cookies possible. We set only two essential cookies, both from our own server, and only when you take an action that needs one. We do not use advertising cookies, cross-site tracking, fingerprinting, or client-side tracking pixels, and we do not sell or share cookie data. Anonymous visitors receive zero cookies until they sign in or start a sign-in round-trip.

This page expands on the Privacy Policy. Where the two overlap, the Privacy Policy governs.

1. Cookies we use

NamePurposeLifetimeFlags
sessionKeeps you signed in and identifies your account on every API call. Strictly necessary; server-side revocable.30 daysHttpOnly, Secure, SameSite=Lax
oauth_stateShort-lived state for an in-flight Google or Apple sign-in, so we can verify the provider's callback. Strictly necessary.1 hourHttpOnly, Secure, SameSite=None

Both are strictly necessary cookies (authentication and security). Under the ePrivacy Directive and similar laws, strictly necessary cookies do not require consent, so EasyOnward does not show a cookie-consent banner — there is nothing non-essential to consent to.

2. What we do NOT use

  • No advertising or retargeting cookies.
  • No third-party analytics cookies (Google Analytics, etc.).
  • No browser fingerprinting or tracking pixels.
  • No cross-site or social-media tracking cookies.

Our product analytics are computed server-side from the request itself, not from a browser cookie — so measuring traffic never depends on tracking you across sites.

3. Content Delivery Network

EasyOnward is served through Cloudflare (our CDN and security layer). To protect the site from automated abuse, Cloudflare may set a short-lived functional cookie (for example __cf_bm) to tell humans from bots. These are functional/security cookies set by Cloudflare, not used for advertising or cross-site tracking. See Cloudflare's cookie documentation for details.

4. Managing cookies

You can view, block, or delete cookies in your browser settings. Note that blocking the session cookie means you will not be able to stay signed in — you can still search and run risk analysis without an account, no cookie required.

5. Contact

Questions about this policy? Email [email protected].