Cookie policy
Last updated: 2026-04-29
ArcSentinel uses strictly necessary cookies only. We do not set
analytics, tracking, advertising, or social-media cookies, and we do not
share cookie data with third parties.
Because all cookies we set are strictly necessary for the Service to
function, the EU ePrivacy Directive does not require a separate consent
banner. We still publish this policy so you know exactly what is set.
Cookies we set
| Name (production / dev) | Purpose | Lifetime | Flags |
|---|---|---|---|
__Secure-arcsentinel.session / arcsentinel.session | Holds the encrypted session token after sign-in | Until sign-out, idle expiry, or 30 days, whichever first | HttpOnly, Secure, SameSite=Lax |
__Host-arcsentinel.csrf / arcsentinel.csrf | Defends against cross-site request forgery on auth flows | Per-session | HttpOnly, Secure, SameSite=Lax |
__Secure-arcsentinel.callback / arcsentinel.callback | Remembers the page you were heading to before sign-in | Per-session | HttpOnly, Secure, SameSite=Lax |
All cookies are HttpOnly (not visible to JavaScript), Secure
(transmitted over HTTPS only in production), and SameSite=Lax
(blocks most cross-site sends). The __Host- and __Secure- prefixes
in production enforce these properties at the browser level.
Local storage
We do not use local storage to track you. Local storage is used only for
non-identifying UI preferences (e.g. last sidebar state) and never holds
personal data.
Third-party cookies
- GitHub OAuth (optional): if you sign in with GitHub, GitHub sets
cookies on its own domain during the OAuth handshake. Those cookies
are governed by GitHub's privacy policy, not ours.
- Vercel hosting: the platform hosting the app may set anonymous
edge-routing cookies. These are described at
<https://vercel.com/legal/privacy-policy>.
Disabling cookies
Disabling our session cookie will prevent you from signing in. There is
no graceful degradation; the Service requires authenticated sessions.
Contact
- Privacy: info@arcnode.dev
- General: hello@arcnode.dev