Cookie Policy
This Cookie Policy explains the small files we store on your device, what they do, and how to control them. We do not use third-party advertising cookies, cross-site trackers, or behavioural-advertising pixels.
1. Categories we use
| Cookie | Purpose | Type | Lifetime |
|---|---|---|---|
hasb_session | Keep you signed in. Set after successful authentication. | Strictly necessary | 30 days, HttpOnly, Secure, SameSite=Lax |
hasb_csrf | Protect state-changing actions from cross-site forgery. | Strictly necessary | Session |
hasb_step_up | Confirm that you re-authenticated before a sensitive action. | Strictly necessary | 10 minutes |
hasb_theme_v19 | Remember light / dark theme preference. Stored locally as a Web Storage entry (technically not a cookie). | Functional | Until you clear browser storage |
hasb_consent | Record that you saw and dismissed the welcome consent banner. | Functional | 12 months |
hasb_admin_step_up | Re-authentication marker for users with administrative privileges. | Strictly necessary | 10 minutes |
2. What we do not set
- No Facebook Pixel, Google Ads, TikTok pixel, LinkedIn Insight Tag, or equivalent advertising trackers.
- No third-party analytics that fingerprint you across sites.
- No session replay, screen-capture, or rage-click trackers.
- No A/B-testing framework that observes individual behaviour.
3. How to control cookies
You can delete all Hasb cookies from your browser at any time. Strictly necessary cookies will be re-set the next time you sign in. Functional cookies (theme, consent) only reset to their default if you delete them. Removinghasb_session signs you out.
We respect the Global Privacy Control (GPC) signal as an opt-out from any non-essential cookies. Our current cookie set contains no advertising or cross-site tracking, so GPC has no additional effect — but the support is there for the day we might consider any optional analytics.
4. Server logs
Independent of cookies, our web and email servers keep short-lived logs of connection metadata (IP, user-agent, time, response code) for security and debugging. These are retained for up to 90 days and are not joined to other data sources.
5. Changes
We update this list when we add or remove cookies. Major changes are notified by in-product banner.
© 2026 Hasb. Effective 13 May 2026.