SociGrab uses a small number of cookies and localStorage entries strictly to keep you signed in and to remember your workspace preferences. We do not use third-party advertising or cross-site tracking cookies.
01What we store
- session_token (HTTP-only cookie): set when you sign in with Google via Emergent Auth. Expires in 7 days.
- socigrab_token (localStorage): JWT bearer token used for API requests when signing in with email/password. Cleared on logout.
- oauth_states (server-side only): short-lived random tokens (15 min) that protect OAuth flows against CSRF.
02Analytics
We do not embed third-party analytics scripts (no Google Analytics, no Meta Pixel). Basic server-side request logs are used for security and debugging only.
03Your choices
You can clear your browser's cookies and localStorage at any time — this will sign you out. Blocking essential cookies will prevent SociGrab from working.