Skip to main content

Admin & Privacy

The accountability surface for v10r.dev — who collects what, why it's lawful, how long it's kept, and how to exercise your rights.

Three cookies, exactly.

ePrivacy Art. 5(3) and TTDSG §25 require informed consent for any cookie that isn't strictly necessary. Below is the complete inventory — name, duration, purpose, and which ones we set without asking. There are no third-party cookies.

v10r_consent Strictly necessary
Duration
180 days (~6 months)
Set by
Server, on consent decision
HttpOnly
false
Secure
true
SameSite
Lax

Stores your cookie-banner choice (necessary / analytics / full) so we don't re-prompt you on every page. Without this cookie, the banner cannot remember your decision — that is why it qualifies as strictly necessary under ePrivacy Art. 5(3).

_v10r_sid Analytics (consent-gated)
Duration
30 minutes (rolling) — extended on activity, deleted on tab close
Set by
Server, only after analytics consent
HttpOnly
true
Secure
true
SameSite
Lax

A short, opaque session ID that lets us reconstruct the page-by-page journey for the consented session. Cleared when you reject analytics or close the tab.

better-auth.session_token Strictly necessary
Duration
Session — cleared on logout or expiry
Set by
Server, on successful sign-in
HttpOnly
true
Secure
true
SameSite
Lax

Authenticates you to the protected /app surface after sign-in. Set by Better Auth.

What we do not use

By design
  • No Google Analytics, Plausible, Posthog, or any third-party analytics script.
  • No advertising cookies, no retargeting pixels, no Facebook / LinkedIn / Twitter beacons.
  • No cross-site tracking. SameSite=Lax on every cookie we do set.
  • No browser fingerprinting (we don't read canvas, audio, fonts, or screen geometry).
  • No localStorage trackers. The only client storage used is what Better Auth needs for sign-in.