Cookie Policy

1. Overview

StatusRooster uses a small number of cookies that are strictly necessary for the application to function. We do not use any advertising, analytics, or third-party tracking cookies.

2. Cookies We Set

Cookie	Purpose	Duration	Type
access_token	Keeps you logged in. Contains an encrypted JWT with your user ID.	Session	Essential
oauth_state	CSRF protection during Google/GitHub login. Prevents login forgery attacks.	10 minutes	Essential
flash_message	Shows success/error messages after an action (e.g., "Monitor saved!").	10 seconds	Essential
flash_type	Determines the style of the flash message (success, error, info).	10 seconds	Essential
new_api_key	Displays a newly created API key once so you can copy it. Never shown again.	10 seconds	Essential

All cookies are:

• First-party only — set by statusrooster.com, not by any third party.
• HttpOnly — not accessible to JavaScript, protecting against XSS attacks.
• Secure — only transmitted over HTTPS.
• SameSite=Lax — not sent with cross-site requests, protecting against CSRF.

3. What We Don't Use

• No Google Analytics or any analytics cookies.
• No advertising or retargeting cookies.
• No third-party tracking pixels or scripts.
• No social media tracking cookies.
• No cookie consent banner — because we only use essential cookies required for the service to function.

4. Managing Cookies

You can delete or block cookies through your browser settings. However, if you block the access_token cookie, you will not be able to stay logged in.

5. Related Policies

• Privacy Policy
• Terms of Service

6. Contact

Questions about our cookie practices? Email support@statusrooster.com.