1. What we use

SealedReturn uses only the cookies necessary to operate the service:

Session cookie (HTTP-only, Secure, SameSite=Strict): keeps you logged in. Lifespan: 7 days, refreshed on activity.
CSRF token cookie (HTTP-only, Secure, SameSite=Strict): prevents cross-site request forgery attacks. Lifespan: same as session.
Theme cookie (regular, 1 year): remembers your light/dark mode preference, if you change it.

2. What we don't use

No third-party advertising cookies.
No Google Ads / Facebook Pixel / TikTok Pixel / LinkedIn Insight tags.
No cross-site tracking cookies.
No fingerprinting libraries.

We do use lightweight first-party analytics (Plausible, self-hosted) that does not set cookies and does not track individual users. Anonymous, aggregated, opt-out available.

3. How to control cookies

You can block or delete cookies in your browser:

If you block our session cookie, you will not be able to log in. The other cookies are not load-bearing.

4. Do Not Track

We honor the Global Privacy Control (GPC) signal where applicable. Since we don't sell or share data for advertising, GPC has no practical effect — but we recognize it.

5. Contact

Questions: privacy@sealedreturn.com.