Cookie Policy
Last updated May 2, 2026
A cookie is a small piece of data the site asks your browser to store. The same principles apply to similar technologies: localStorage, sessionStorage, IndexedDB, pixel tags. This policy covers all of them. The short version: Watchpost uses one strictly necessary cookie. We don't run analytics, advertising, or third-party trackers. If we ever do, the cookie banner will gate them behind your consent.
This policy is part of the privacy policy.
1. The legal context
The EU ePrivacy Directive (2002/58/EC, as amended by 2009/136/EC) is what most people mean when they talk about "cookie law". It says that storing or accessing information on your device requires your prior, informed consent unless the storage is strictly necessary to provide a service you have explicitly requested. The GDPR sets the standard for what counts as valid consent: freely given, specific, informed, unambiguous, and as easy to withdraw as to give.
2. What we use
2.1 Session cookie (strictly necessary)
When you sign in, we set a cookie that contains an opaque session identifier. The cookie is set by watchpost.systems with the HttpOnly, Secure, and SameSite=Lax flags. It expires when you sign out, or after seven days of inactivity, whichever comes first.
This cookie is strictly necessary: without it you cannot stay signed in. The ePrivacy exemption applies, so we do not ask for consent to set it.
2.2 Local storage entries
A few preferences live in your browser's local storage. Both are scoped to the watchpost.systems origin and can be cleared from your browser settings any time.
watchpost.cookies.v1— your "accept" or "reject" choice from the cookie banner. Stored for 12 months. Strictly necessary in the sense that we cannot honor your choice without remembering it.theme— your light or dark theme preference (used by the toggle in the nav). Stored indefinitely until you clear it. Strictly necessary for the preference to persist.
3. What we don't use
- Analytics cookies. No Google Analytics, Plausible, Fathom, or self-hosted equivalent.
- Advertising and marketing cookies. No remarketing pixels, no Facebook Pixel, no LinkedIn tag, no TikTok pixel.
- Cross-site trackers. No third-party tracking domains are loaded by our pages.
- Fingerprinting. No canvas fingerprinting, font enumeration, or similar techniques.
- A/B testing platforms. No third-party experimentation tools.
4. Third parties on pages we link to
If you click through to GitHub, Stripe's checkout page, or a merchant's site, those third parties may set their own cookies. We do not control those. Their policies apply.
5. The cookie banner
A short banner appears the first time you visit. It explains what we use today and asks whether you accept or reject the placement of any non-essential storage in the future.
As of the date at the top of this page, accepting and rejecting have the same functional outcome, because we do not load any non-essential storage. The infrastructure is in place so that, the moment we add anything optional (for example a privacy-friendly analytics service), your choice is honored. If we add an optional category, we will update this page first, give you a clear description of what it does, and gate it behind a fresh consent prompt.
You can change your choice at any time by clearing the watchpost.cookies.v1 entry in your browser's local storage (the banner will reappear) or by using your browser's "clear site data" tool.
6. Refusing or removing cookies
Most browsers let you block or delete cookies and local storage. The exact controls vary by browser; the help pages from Firefox, Chrome, and Safari are good starting points.
If you block our session cookie, you will not be able to stay signed in. Everything else still works.
7. Changes
We will update this page before adding any new cookie or storage entry, and bump the "Last updated" date at the top. Material changes (a new processing purpose, a new third party) trigger a fresh consent prompt.
8. Contact
Questions: privacy@watchpost.systems.