Cookie Policy

Last updated: May 2026

Short version

The marketing site (this page, havenkeep.app) sets no cookies. The partner dashboard (partner.havenkeep.app) sets three first-party cookies, all strictly necessary to keep you signed in and to protect against cross-site request forgery. We do not use cookies for advertising, analytics, retargeting, or any third-party tracker. There is no cookie-consent banner because there is nothing to consent to.

Partner dashboard cookies

These cookies exist only on partner.havenkeep.app. They are set after you successfully sign in.

  • hk_access_token — short-lived JWT access token (1 hour). HttpOnly, Secure, SameSite=Lax. Used to authenticate every dashboard API call.
  • hk_refresh_token — opaque refresh token (7 days). HttpOnly, Secure, SameSite=Lax. Used to mint a new access token when the short one expires; rotated on every use.
  • csrf_token — double-submit CSRF token (7 days). Readable by JavaScript on purpose so the dashboard can echo it back in the X-CSRF-Token header on every mutating request, blocking cross-site forgery.

We delete all three when you sign out or when you delete your account.

Mobile app

The HavenKeep mobile app does not use cookies. Authentication state lives in the platform secure keychain (iOS Keychain, Android Keystore) with hardware-backed encryption.

Third-party cookies

We do not embed any third-party advertising, analytics, or social-media scripts on our websites, so no third-party cookies are set when you visit us. The Stripe billing flow you reach from inside the partner dashboard takes you to Stripe's own checkout pages; cookies set there are governed by Stripe's cookie policy.

Managing cookies

You can block or delete cookies through your browser's settings. If you block hk_access_token or hk_refresh_token, the dashboard will sign you out immediately and you will not be able to sign back in. Blocking csrf_token will cause every mutation (saving a gift, changing settings) to fail with a CSRF error.

Updates

If we ever introduce new cookies, we will update this page and the "Last updated" date before they ship.

Contact

Email: privacy@havenkeep.app