Legal

Cookie Policy

Last updated: February 15, 2026

🍪 The short version: ShorShield uses only one essential session cookie for authentication. We do not use tracking cookies, analytics cookies, or any third-party cookies. Under the ePrivacy Directive, strictly necessary cookies do not require user consent, so we do not display a cookie consent banner.

1. What Are Cookies?

Cookies are small text files stored on your device by your web browser. They can serve various purposes including authentication, personalization, and analytics.

2. Cookies We Use

Name	Purpose	Type	Duration
shorshield_session	Authenticates your session after login	Essential	24 hours

3. Cookie Properties

Our session cookie is configured with the following security properties:

HttpOnly: Cannot be accessed by JavaScript (prevents XSS attacks)
Secure: Transmitted only over HTTPS in production
SameSite=Strict: Not sent with cross-site requests (prevents CSRF attacks)
Path=/: Available across the entire application

4. Cookies We Do NOT Use

❌ Analytics cookies (no Google Analytics, Mixpanel, etc.)
❌ Advertising or tracking cookies
❌ Third-party cookies of any kind
❌ Persistent tracking identifiers
❌ Social media cookies

5. Local Storage

In addition to the session cookie, ShorShield uses your browser's IndexedDB to store cryptographic keys locally. This is not a cookie — it is a client-side database that never transmits data to our servers. The keys stored here are your private keys used for encryption and authentication. See our Privacy Policy for details.

6. Managing Cookies

You can delete or block cookies through your browser settings. However, if you block the ShorShield session cookie, you will not be able to stay logged in to the application.

7. Contact

Questions about our cookie practices: shorshield@gmail.com