Cookie Policy

Vinculum uses cookies sparingly and only for the purpose of running the service. No tracking, no analytics, no advertising.

What we use

Authentication session cookie

When you sign in, we set one cookie:

• Name: session
• Type: HTTP-only, Secure, SameSite=Lax
• Contents: A signed JWT containing your user ID and session expiry. It is not readable by JavaScript.
• Lifetime: 30 days from sign-in, or until you sign out.
• Purpose: Knowing who you are so you can see your own data.

That is the only cookie we set. No first-party analytics. No tracking pixels. No ad network scripts.

What we don't use

• We do not use Google Analytics, Mixpanel, Segment, PostHog, or any other analytics service on the product surface.
• We do not use advertising cookies or third-party tracking pixels.
• We do not use fingerprinting in place of cookies.
• We do not sell data derived from your browsing to any third party.

Third-party cookies

Cloudflare handles TLS termination and may set a short-lived __cf_bm bot-management cookie on some requests. This is a security cookie set by our CDN provider, not by us. It does not track you across sites and expires within 30 minutes.

Stripe may set cookies on the billing page (Settings → Billing). These are scoped to Stripe's hosted iframe and governed by Stripe's privacy policy.

Changing your preferences

There is no cookie consent banner on Vinculum because we do not run tracking or advertising cookies that would require one. The only cookie we set is strictly necessary for the service to function.

If you want to delete the session cookie, signing out does that. You can also clear cookies for vinculum.run in your browser settings — you will be signed out.

Contact

Questions: privacy@vinculum.run