1. What is a cookie?
A cookie is a small text file that a website places on your browser or device. Cookies let a site remember your preferences, keep you signed in, and understand how the site is used. “Similar technologies” include local storage, session storage, and pixels; we treat them all as cookies in this policy.
2. Categories we use
- Essential — required for the site to function (login, security, load balancing). Cannot be disabled.
- Preference — remember choices you make (language, theme). Disabling these will reset your preferences each visit.
- Analytics — first-party, anonymised counts of page views so we can fix broken flows. No third-party trackers, no cross-site profiling. You can reject analytics in the cookie banner.
We do NOT use: advertising cookies, cross-site trackers, Facebook Pixel, Google Analytics, LinkedIn Insight Tag, or fingerprinting libraries.
3. Specific cookies
| Name | Purpose | Type | Duration |
|---|---|---|---|
| anvil_session | Session authentication | Essential | Session |
| __Host-refreshToken | Refresh-token rotation (HttpOnly, Secure, SameSite=Strict) | Essential | 30 days |
| __Host-accessToken | Short-lived access token for API requests | Essential | 15 minutes |
| anvil_csrf | CSRF protection for form submissions | Essential | Session |
| anvil-locale | Preferred UI language | Preference | 1 year |
| theme | Light / dark / system theme | Preference | 1 year |
| sidebar_state | Sidebar collapsed/expanded | Preference | 1 year |
| cf_clearance | Cloudflare bot-challenge passthrough | Essential | 30 minutes |
| _cf_bm | Cloudflare bot management | Essential | 30 minutes |
4. How to control cookies
- Cookie banner — on your first visit from the EU, UK, or Switzerland, we show a banner where you can accept or reject non-essential cookies.
- Browser settings — most browsers let you block or delete cookies. See your browser’s help pages for instructions.
- Logged-in settings — go to Settings → Privacy to update your analytics consent at any time.
- Global Privacy Control (GPC) — we honor the GPC signal. Browsers sending GPC are treated as having opted out of analytics cookies.
Blocking essential cookies will break login, cart, and similar features.
5. Third-party cookies
Anvil does not embed third-party trackers on our marketing or product pages. When you connect an integration (e.g. Stripe Checkout, Google OAuth sign-in, WhatsApp widget), the third party may set its own cookies in accordance with its own policy, which we link to in our Subprocessors list.
6. Changes to this policy
When we add a new cookie, we will update this page and, for EU/UK visitors, prompt you to re-consent via the banner. The “Last updated” date at the top reflects the most recent version.
7. Contact
Questions or concerns about cookies? Email 738888@proton.me.